Signature Detail

HTTP: DBGuestBook DBS_Base_Path Parameter Multiple Remote File Inclusion

This signature detects attempts to exploit a known remote file inclusion vulnerability against DBGuestBook. It is due to insufficient validation of user-supplied input. A remote attacker can exploit this by enticing a target to open a malicious URL link. A successful attack can result in arbitrary code execution and loss of sensitive information.

Extended Description

DBGuestbook is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible. Version 1.1 is vulnerable; other versions may also be affected.

Affected Products

• DBScripts DBGuestbook 1.1

References

• BugTraq: 22658