Rule: -- Sid: 2331 -- Summary: This event is generated when an attempt is made to possibly gain administrative access to the MatrikzGB Guestbook PHP application running on a server. -- Impact: Possible administrative access to the Guestbook. -- Detailed Information: This event is generated when an attempt is made to exploit a known vulnerability in the MatrikzGB Guestbook web application running on a server. It is possible for an attacker to modify the appropriate URI parameter in the index.php script to gain administrative rightst to the MatrikzGB Guestbook. -- Affected Systems: MatrikzGB Guestbook 2.0 -- Attack Scenarios: An attacker can supply "admin" to the "new_rights" parameter in the PHP script index.php. -- Ease of Attack: Simple. No exploit software required. -- False Positives: None known. -- False Negatives: None known. -- Corrective Action: Ensure the system is using an up to date version of the software and has had all vendor supplied patches applied. -- Contributors: Sourcefire Research Team Nigel Houghton <nigel.houghton@sourcefire.com> -- Additional References: --