header-logo
Suggest Exploit
vendor:
Uguestbook !talian script
by:
indoushka
8.8
CVSS
HIGH
Database Download Vulnerability
20
CWE
Product Name: Uguestbook !talian script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)
2008

Asp Uguestbook DB Download Vulnerability

The vulnerability allows an attacker to download the database of the vulnerable application. The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can send a specially crafted request to the vulnerable application and download the database. Successful exploitation of this vulnerability may result in unauthorized access to sensitive information.

Mitigation:

Input validation should be performed to verify that the data received from the user is of the expected type, length, and value. The application should also perform proper output encoding to prevent malicious code injection.
Source

Exploit-DB raw data:

========================================================================================                  
| # Title    : Asp Uguestbook DB Download Vulnerability                                |
| # Author   : indoushka                                                               |
| # email    : indoushka@hotmail.com                                                   |
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)       |
| # Web Site : www.iq-ty.com                                                           |
| # Script   : Uguestbook !talian script                                               |
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)       |
| # Bug      : DB                                                                      | 
======================      Exploit By indoushka       =================================
| # Exploit  : 
| 
| 1- http://server/Uguestbook/mdb-database/guestbook.mdb
|
================================   Dz-Ghost Team   ========================================
Greetz : all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 |
Rafik (Tinjah.com) * Yashar (sc0rpion.ir) * Silitoad * redda * mourad (dgsn.dz) * 
-------------------------------------------------------------------------------------------

Navigation

Suggest Exploit

Services By CQR