Abczone.it WWWguestbook URL Database Information Disclosure

2004-08-21T00:00:00
ID OSVDB:9159
Type osvdb
Reporter Security .Net Information (snilabs@gmail.com)
Modified 2004-08-21T00:00:00

Description

Vulnerability Description

Abczone.it WWWguestbook contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a malicious user specifies the path of the guestbook database in a request, which allows the malicious user to download the entire database. This discloses all user account information (including administrator login information), resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Manual Testing Notes

http://[victim]/path_of_guestbook/db/dbase.mdb
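
The test URL above works because the database file is located inside the directory tree the web server publishes. The following Python audit is an added example, not part of the original advisory or the vendor's code: it walks a web root and reports Access databases by their file header, so a copy renamed to another extension is still found. The function names and the sample tree are constructed for illustration.

```python
import os
import tempfile

# Added example, not vendor code. Jet (.mdb) and ACE (.accdb) files start
# with the bytes 00 01 00 00 followed by an ASCII format name.
SIGNATURES = (b"\x00\x01\x00\x00Standard Jet DB", b"\x00\x01\x00\x00Standard ACE DB")


def is_access_database(path):
    """Return True if the file starts with a Jet/ACE database header."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(19)  # 4 header bytes + 15-byte format name
    except OSError:
        return False  # unreadable or missing files are not reported
    return head.startswith(SIGNATURES)


def find_served_databases(webroot):
    """Return URL paths of Access databases under webroot, detected by content."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_access_database(full):
                rel = os.path.relpath(full, webroot)
                hits.append("/" + rel.replace(os.sep, "/"))
    return sorted(hits)


def build_sample_webroot():
    """Create a constructed sample tree mirroring the layout on this page."""
    root = tempfile.mkdtemp(prefix="webroot_")
    os.makedirs(os.path.join(root, "guestbook", "db"))
    header = SIGNATURES[0] + b"\x00" * 64  # constructed header, not a real database
    with open(os.path.join(root, "guestbook", "db", "dbase.mdb"), "wb") as fh:
        fh.write(header)
    with open(os.path.join(root, "guestbook", "db", "backup.txt"), "wb") as fh:
        fh.write(header)  # same content under a misleading extension
    with open(os.path.join(root, "guestbook", "default.asp"), "wb") as fh:
        fh.write(b"<% Response.Write \"guestbook\" %>")
    return root


if __name__ == "__main__":
    for url_path in find_served_databases(build_sample_webroot()):
        print("database inside web root:", url_path)
```

A hit means the file sits inside the published tree; whether it is actually downloadable depends on the web server's configuration for that path.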

References:

Vendor URL: http://www.abczone.it/default.asp
Security Tracker: 1011026
ISS X-Force ID: 17077
CVE-2004-2428