Sukru Alatas's Guestbook Discloses Database to Remote Users
|
|
SecurityTracker Alert ID: 1014300
|
|
SecurityTracker URL: http://securitytracker.com/id?1014300
|
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Jun 27 2005
|
Impact: Disclosure of authentication information, Disclosure of system information, Disclosure of user information
|
Exploit Included: Yes
|
Version(s): 3.01
|
Description: A vulnerability was reported in Sukru Alatas's Guestbook. A remote user can access the database.
A remote user can obtain the underlying database with the following type of URL:
http://[target]/db/gbdb.mdb
The database contains
the administrative password.
basher13 of Infam0us Gr0up reported this vulnerability.
[Editor's note: The vendor's web site
was unavailable at the time of this entry.]
|
Impact: A remote user can obtain the guest book database, which includes the administrative password.
|
Solution: No solution was available at the time of this entry.
|
Cause: Access control error, Configuration error
|
Underlying OS: Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
|
|
[Original Message Not Available for Viewing]
|
|
