RE: uguestbook exploit

To: <l--s@xxxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: uguestbook exploit
From: "Earnhart, Benjamin J" <benjamin-earnhart@xxxxxxxxx>
Date: Thu, 28 Jul 2005 13:39:30 -0500
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Thread-index: AcWTn2oE8S/wvoMbT3G4pdG9ywqj/AAA0L8g
Thread-topic: uguestbook exploit

That's not a product-specific exploit or a flaw in the product.  

If somebody mis-configures their installation of it by putting the
database file in a directory accessible via the web, then getting the
database file is trivial for any package. The very first step in the
documentation for uguestbook says not to do that, see:
http://www.uapplication.com/uguestbook/doc.asp   


> -----Original Message-----
> From: l--s@xxxxxxxxxxx [mailto:l--s@xxxxxxxxxxx] 
> Sent: Thursday, July 28, 2005 10:31 AM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: uguestbook exploit
> 
> hello , 
> 
> By ...... MeSa7eB
> 
> Data ...... 28/7/2005
> 
> pro ......   http://www.uapplication.com/
> 
> My web site :  http://3asfh.net/vb
> 
> My Email :  l--s@xxxxxxxxxxx
> 
> ===============================================
> 
> exploit : 
> 
> http://xxx.com/guestbook/mdb-database/guestbook.mdb 
> 
> ==================================
>

Prev by Date: [USN-159-1] unzip vulnerability
Next by Date: Re: LSS Security Advisory: Winamp remote buffer overflow vulnerability
Previous by thread: Re: uguestbook exploit
Next by thread: RE: [Full-disclosure] Anonymous Web Attacks via DedicatedMobileServices
Index(es):
- Date
- Thread