 |
|
|
|
| Vulnerability details : |
| |
 |
|
Abczone.it WWWguestbook URL Database Information Disclosure |
|
|
Fiche créée le 2004-08-24 23:16:51, dernière mise à jour le 2008-03-02 23:49:21
Abczone.it WWWgestbook contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user specifies the path of the guestbook database, which will allow the malicious user to download the entire database disclosing all user account information (including administrator login information) resulting in a loss of confidentiality.
http://[victim]/path_of_guestbook/db/dbase.mdb
|
| |
| Abczone.it 1.1 Affected | | | Attack Type : Information Disclosure
comments, passwords, fingerprinting, system information. | Découvert le 2004-08-21 07:00:00
| | Exploit : Exploit Public | Exploit découvert le 2004-08-21 07:00:00
| Impact : Loss of Confidentiality
Assurance that data is protected and not disclosed to an unauthorized party.
Examples: password disclosures, server information, environment variables, confirmation of file existence, path disclosure, file content access, some SQL injection. | | | Location : Remote / Network Access
If network access if required and exploit can be done remotely. | | | OSVDB : Web Related
The vulnerability is a web issue and will have an associated security check. | | |
| |
| External refs : |
| OSVDB 9159 | | | | | | | | |
| |
| |
| |
| |
|
|
|
|
| Free consultation (search) |
|
|
|
|
|
| |
|
|
|
