https://www.exploit-db.com/exploits/24050
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200404-080

AdvancedGuestbook是一款基于PHP的留言系统。AdvancedGuestbook对用户提交的密码参数缺少正确过滤，远程攻击者可以利用这个漏洞绕过验证匹配，未授权访问系统。提交包含类似如下的字符串：’)OR(‘a’=’a作为密码参数，可绕过验证以管理员权限访问系统。

source: http://www.securityfocus.com/bid/10209/info

It has been reported that Advanced Guestbook is prone to a SQL injection vulnerability that could allow an attacker to gain administrative access to the application.

This issue is reported to exist in Advanced Guestbook 2.2, however, it is possible that other versions are affected as well.

JQ <[email protected]> explains that it is possible to trigger this issue by leaving the username entry blank and entering the following string in the password field:

') OR ('a' = 'a

Spy Hat <[email protected]> comments that it is also possible to leverage this issue by leaving the password field blank and entering the following string into the username field:

? or 1=1 --

来源:XF
名称:advancedguestbook-sql-injection(15892)
链接:http://xforce.iss.net/xforce/xfdb/15892
来源:BID
名称:10209
链接:http://www.securityfocus.com/bid/10209
来源:BUGTRAQ
名称:20040421AdvancedGuestbook2.2–SQLInjectionExploit
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=108258046402890&w;=2
来源:BUGTRAQ
名称:20050212Re:AdvancedGuestbook2.2–SQLInjectionExploit
链接:http://archives.neohapsis.com/archives/bugtraq/2005-02/0138.html