vulnerable ?

vincenttor · Post by **vincenttor** » Wed Aug 12, 2009 1:29 pm

i know this is not the right way to post it
but i was checking my statistics

and found someone came on my site by this searching method

inurl:"gbook.php?a=sign" site".com

12 Aug, 09:33:49

Oekraïne Oekraïne

102.114.120.77.colo.static.dc.volia.com

1

Linux Linux i686

Firefox Firefox 3.5

www.google.com.ua

http://www.google.com.ua/search?q=inurl ... t=200&sa=N

could there be something vulnerable for script kiddy's or something in the guestbook ?

DC · Post by DC » Wed Aug 12, 2009 4:41 pm

I am not the dev but I can tell you this I have been using JunkYard Scripts since the get go and they are usually very solid and tight against hacks as you mention. so I would highly doubt that Klem would allow such hack points to exist.

But im sure he will post next and let you know.
Thats just my 2 cents on what I know, as I have been using and tweaking them forever.

DC

Post by **Klemen** » Wed Aug 12, 2009 5:13 pm

Anyone can attempt with any URL

gbook.php?page=xxx.com
gbook.php?page=SOME_MAILCIOUS CODE

But this doesn't mean it's a vulnerability because GBook validated input parameters and $page defaults to 1 if an invalid page is entered (or any other variable for that matter).

So this means some script kiddie is trying, but it's not a vulnerability as GBook checks the code before executing it.

vincenttor · Post by **vincenttor** » Wed Aug 12, 2009 5:47 pm

no i dont doubt that, but thought maybe good to let you know if there is something wrong
did not knew that

its a super guestbook no problems @ all with it