You Don't Wanna Be A Guest Of The Guestbook Pro Vulnerabilities

News

Contributed by: Lauren Gerber
Date: July 10, 2009

	1 Vote 0	You Don't Wanna Be A Guest Of The Guestbook Pro Vulnerabilities

I am sure that the possibility exists that in the future there will be one solution to all the computer security vulnerabilities. I am also sure that the possibility exists for there never to be one single cure for all the computer security vulnerabilities. Only time will tell exactly what will occur in the world of computer security vulnerabilities. This being said, let us get back to the present, so I can tell you about some vulnerabilities which have recently been reported in Online Guestbook Pro.

Yes it is official, some vulnerabilities have been confirmed as well as reported in Online Guestbook Pro. It is a comprehensive and easy to use guestbook system. There are many wonderful features as well as lots of support available. You could make use of Google Desktop, when using this program. Some files of Google Desktop include : a0002231.exe, GOEC62~1.DLL, GoogleDesktop.exe, GoogleDesktopHyper.dll as well as GoogleDesktopIndex.exe.

Some of the many main features that Guestbook Pro offers

Auto Email Link

Session-driven Image Verification Code

Advanced Search (All data)

Handle All characters in ANY combination

Entry Modify Interface (For Admin)

Theme Support

Blank Line Protection

Separated Config File

Dynamic Character Count (Submission Form

Table 1. Some of the main features offered by Guesstbook Pro

These vulnerabilities unfortunately run the risk of being exploited by malicious characters in order to conduct cross site scripting attacks. These vulnerabilities are due to certain input which is passed to the "search_choice", "display", and "entry" parameters in ogp_show.php. These have not been correctly modified prior to being returned to the individual user. This runs very high risks of being successfully exploited in order to execute arbitrary script code as well as HTML code in the browsing session of a user.

Which version has these vulnerabilities been reported in? These vulnerabilities have been confirmed and reported in version 5.1. All the Online Guestbook Pro users out there need to be consciously aware of the factor that they are not out of the clear yet. The reason being, other versions may also run the risk of being affected. The solution to this vulnerability may be to actually filter any malicious characters as well as character sequences with the use of a proxy. I wish you all the best of luck and hope you have a safe and secure Online Guestbook Pro experience.

Resources:
Online Guestbook Pro.
One of the advisories for this vulnerability.
Another advisory for this vulnerability.
Some main additional information with regard to the Online Guestbook Pro vulnerability.

User Comments

Featured Videos

Modify hosts file

From: PC1News Videos

Added: June 13, 2009

Software Downloads

SpyHunter V.3

Free Spyhunter Scanner (Spyware/Trojan Detection). DETECT Spyware, Trojans, Worms, Viruses and malware on your PC absolutely FREE.

Download now

Registry Mechanic 8

Award Winning software, Fixes registry and improves computer performance. Created by a division of Symantec, this tool will scan your registry and find errors that can be later cleaned either individually or all together.

Download now

SpywareBlaster 4.1

The tool is used to prevent the installation of spyware and other potentially unwanted software. As soon as you download it, you will be able to protect your system.

Download now