Updating advanced guestbook 2 3
After all, if they can't find it they can't exploit it. Also went on a search on a while ago and searched for guestbooks open for the exploit! What would you guys suggest? I'm not even sure how to upgrade.
Next copy the database info from your php into the Lazarus one and then replace the old one on the server.
I'm not sure if the version 2.3.1 isn't open for the exploit with the empty username and the password "') OR ('a' = 'a". Well ... everything quite easy: first go and read all the stuff written at either one of those should work fine. About the version I'm not sure, I just downloaded the latest version from therefore I suppose it's version 2.3.1!!
I could gain access on SOME guestbooks on the internet running the version 2.3.1 .... Sometimes the exploit just worked and other times it doesn't!! developed a security patch for this exploit a couple of days ago and just thought it might be worth posting here and let other people know about, sooo ... check out this link = So what am I trying to say?? Just decide for which you want to go: 1.) protect via .htaccess file 2.) install the patch!
I found out that Advanced Guestbook 2.2 appears vulnerable to SQL Injection granting the attacker administrator access. As I don't have any older version like 2.2, I don't recommend to install the patch on a 2.2 version!
The attack is very simple and consists of inputting a special password string leaving the username entry blank: So I suggest you upgrade to the latest version. Yesterday, as a matter of fact, some guy in Poland hacked the guestbook, which gave him the ability to change and remove files off my webserver. Better upgrade to 2.3.1 and then install the patch! version so I can have a look on how to secure this thing. Hope this helps becki I've just done a search on Google for "advanced guestbook 2.2" and every site I found I could log in on.