Kathi O'Shea Guestbook Guestbook.mdb User Database Remote Disclosure

2005-07-29T23:35:18
ID OSVDB:18558
Type osvdb
Reporter MeSa7eB(l--s@hotmail.com)
Modified 2005-07-29T23:35:18

Description

Vulnerability Description

Guestbook contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the guestbook.mdb file is stored in the server root by default, which will allow direct access to download the database file.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Guestbook contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the guestbook.mdb file is stored in the server root by default, which will allow direct access to download the database file.

Manual Testing Notes

http://[target]/guestbook/guestbook.mdb

References:

Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-08/0113.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0518.html