Vulnerability ID: HTB23028
Reference:
http://www.htbridge.ch/advisory/multiple_xss_in_gbook_php_guestbook.html
Product: GBook PHP guestbook
Vendor: PHPJunkyard ( http://www.phpjunkyard.com )
Vulnerable Version: 1.7 and probably prior
Tested on: 1.7
Vendor Notification: 06 July 2011
Vulnerability
Some additional information about http://www.securityfocus.com/bid/14725 has
been disclosed.
http://gbook.sourceforge.net/sec/14725
Information:
Language: PHP
Tested version: 1.4
Problem: Admin access
PHP Code:
/gb/index.php :
--
include("config.inc.php");   // expected to supply $loginu and $loginpw
if($action == "login") {
    // $action, $user and $pw are never assigned in this file before use
    if($user == $loginu && $pw == $loginpw)
    {
        setcookie("login