Intitle Liveapplet Inurl Lvappl And 1 Guestbook Phprar Top (2024)

A vulnerable site matching intitle:"liveapplet" inurl:"lvappl" "1" guestbook:

URL discovered:
http://oldsite.com/lvappl/guestbook.php?id=1

Page title: liveapplet - guestbook entry 1 - top menu

Observation:

Attack:


Do not use this dork to probe or attack websites without explicit written permission. Unauthorized access is illegal under the Computer Fraud and Abuse Act (CFAA) in the US and similar laws worldwide. This article is for defensive security, system administration, and educational research only.


If a site appears in the results of this query, it likely suffers from at least three of the following security flaws:

Many old guestbooks directly concatenate $_GET['entry'] into INSERT or SELECT queries.

Example vulnerable code:

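// Vulnerable: the id parameter is read from the query string without validation
$id = $_GET['id'];
// ...and interpolated directly into the SQL text, so the input can alter the query
$result = mysql_query("SELECT * FROM guestbook WHERE id = $id");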

Because "1" appears in the page, attackers test ?id=1' UNION SELECT ...
