The RNN Guestbook version 1.2 has multitudes of vulnerabilities. They range from allowing a remote attacker to execute commands to the ability to achieve full administrative access without authentication. Full descriptions and exploitation enclosed.
bbc07675f04461c29b805cfaf9019fee859075f88d1bcbb7eef350c4e27c9d74
The TRACKtheCLICK script is vulnerable to an injection attack due to the User-Agent and Referer variables not being filtered in click.cgi, allowing a malicious attacker to spoof incorrect information and when admin.cgi is opened, the injected code will be executed by the victim's browser.
1aaaed1d3addfb60459fea9d4ac3a4bcb3f996fedc2ddabc1ff833147a5a8a84