Bugtraq: RE: uguestbook exploit

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

RE: uguestbook exploit

From: "Earnhart, Benjamin J" <benjamin-earnhart () uiowa edu>
Date: Thu, 28 Jul 2005 13:39:30 -0500

That's not a product-specific exploit or a flaw in the product.  

If somebody mis-configures their installation of it by putting the
database file in a directory accessible via the web, then getting the
database file is trivial for any package. The very first step in the
documentation for uguestbook says not to do that, see:
http://www.uapplication.com/uguestbook/doc.asp

-----Original Message-----
From: l--s () hotmail com [mailto:l--s () hotmail com] 
Sent: Thursday, July 28, 2005 10:31 AM
To: bugtraq () securityfocus com
Subject: uguestbook exploit

hello , 

By ...... MeSa7eB

Data ...... 28/7/2005

pro ......   http://www.uapplication.com/

My web site :  http://3asfh.net/vb

My Email :  l--s () hotmail com

===============================================

exploit : 

http://xxx.com/guestbook/mdb-database/guestbook.mdb 

==================================

By Date By Thread

Current thread:

RE: uguestbook exploit Earnhart, Benjamin J (Aug 01)
- <Possible follow-ups>
- Re: uguestbook exploit security curmudgeon (Aug 05)