header-logo
Suggest Exploit
vendor:
Guestbook Manager
by:
SecurityFocus
4.3
CVSS
MEDIUM
Information Disclosure
200
CWE
Product Name: Guestbook Manager
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Ocean12 Guestbook Manager Information Disclosure Vulnerability

Ocean12 Guestbook Manager has been reported prone to sensitive information disclosure vulnerability. An attacker may make a request for and download the underlying Access database file that is used by the Guestbook Manager. Guestbook administration credentials contained in the database and stored in plaintext format may be revealed to the attacker. Information collected in this way may be used to aid in further attacks against the system.

Mitigation:

Ensure that the Access database file is not accessible from the web server.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7328/info

Ocean12 Guestbook Manager has been reported prone to sensitive information disclosure vulnerability.

An attacker may make a request for and download the underlying Access database file that is used by the Guestbook Manager. Guestbook administration credentials contained in the database and stored in plaintext format may be revealed to the attacker.

Information collected in this way may be used to aid in further attacks against the system. 

http://www.example.com/guestbook/admin/o12guest.mdb

Navigation

Suggest Exploit

Services By CQR