LS simple guestbook (v1) Remote Code Execution Vulnerability

######################################################## #&nbsp;&nbsp;&nbsp;Special&nbsp;Greetings&nbsp;To&nbsp;-&nbsp;Timq,Warpboy,The-Maggot&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;# ######################################################## File:&nbsp;index.php Affects:&nbsp;LS&nbsp;simple&nbsp;guestbook&nbsp;(v1) Date:&nbsp;15th&nbsp;April&nbsp;2007 Issue&nbsp;Description: =========================================================================== LS&nbsp;simple&nbsp;guestbook&nbsp;fails&nbsp;to&nbsp;sanitize&nbsp;user&nbsp;input&nbsp;that&nbsp;it&nbsp;writes&nbsp;to&nbsp;the posts.txt&nbsp;file&nbsp;when&nbsp;the&nbsp;user&nbsp;leaves&nbsp;a&nbsp;message,&nbsp;this&nbsp;file&nbsp;is&nbsp;then&nbsp;included causing&nbsp;any&nbsp;php&nbsp;code&nbsp;within&nbsp;it&nbsp;to&nbsp;be&nbsp;run. =========================================================================== Scope: =========================================================================== An&nbsp;attacker&nbsp;can&nbsp;inject&nbsp;arbitrary&nbsp;php&nbsp;code&nbsp;and&nbsp;potentially&nbsp;execute&nbsp;commands on&nbsp;the&nbsp;system. =========================================================================== Recommendation: =========================================================================== Add&nbsp;the&nbsp;following&nbsp;line&nbsp;of&nbsp;code&nbsp;in&nbsp;index.php: $message&nbsp;=&nbsp;strip_tags($message); just&nbsp;above: if&nbsp;($message&nbsp;!=&nbsp;\"\")&nbsp;{$file&nbsp;=&nbsp;fopen(\"$dataf\",\"a\"); =========================================================================== Example: name&nbsp;=&nbsp;Test message&nbsp;=&nbsp;<?php&nbsp;phpinfo();&nbsp;?> Discovered&nbsp;By:&nbsp;Gammarays &nbsp;