vendor:
Winn ASP Guestbook
by:
ZoRLu
7,5
CVSS
HIGH
Database Disclosure
200
CWE
Product Name: Winn ASP Guestbook
Affected Version From: 1.01 Beta
Affected Version To: 1.01 Beta
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009
Winn ASP Guestbook 1.01 Beta Database Disclosure Exploit
This exploit allows an attacker to download the database of Winn ASP Guestbook 1.01 Beta. The exploit is written in Perl and uses LWP::Simple and LWP::UserAgent modules. The exploit takes two arguments, the URL/IP of the target and the path of the application. If the target doesn't have a path, the path argument should be set to '/'.
Mitigation:
Upgrade to the latest version of Winn ASP Guestbook.