<<< Date Index >>>     <<< Thread Index >>>

RE: uguestbook exploit



That's not a product-specific exploit or a flaw in the product.  

If somebody mis-configures their installation of it by putting the
database file in a directory accessible via the web, then getting the
database file is trivial for any package. The very first step in the
documentation for uguestbook says not to do that, see:
http://www.uapplication.com/uguestbook/doc.asp   


> -----Original Message-----
> From: l--s@xxxxxxxxxxx [mailto:l--s@xxxxxxxxxxx] 
> Sent: Thursday, July 28, 2005 10:31 AM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: uguestbook exploit
> 
> hello , 
> 
> By ...... MeSa7eB
> 
> Data ...... 28/7/2005
> 
> pro ......   http://www.uapplication.com/
> 
> My web site :  http://3asfh.net/vb
> 
> My Email :  l--s@xxxxxxxxxxx
> 
> ===============================================
> 
> exploit : 
> 
> http://xxx.com/guestbook/mdb-database/guestbook.mdb 
> 
> ==================================
>