|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: uguestbook exploit
From: Earnhart, Benjamin J (benjamin-earnhart
uiowa.edu)
Date: Thu Jul 28 2005 - 13:39:30 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
That's not a product-specific exploit or a flaw in the product.
If somebody mis-configures their installation of it by putting the
database file in a directory accessible via the web, then getting the
database file is trivial for any package. The very first step in the
documentation for uguestbook says not to do that, see:
http://www.uapplication.com/uguestbook/doc.asp
> -----Original Message-----
> From: l--shotmail.com [mailto:l--shotmail.com]
> Sent: Thursday, July 28, 2005 10:31 AM
> To: bugtraqsecurityfocus.com
> Subject: uguestbook exploit
>
> hello ,
>
> By ...... MeSa7eB
>
> Data ...... 28/7/2005
>
> pro ...... http://www.uapplication.com/
>
> My web site : http://3asfh.net/vb
>
> My Email : l--shotmail.com
>
> ===============================================
>
> exploit :
>
> http://xxx.com/guestbook/mdb-database/guestbook.mdb
>
> ==================================
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]