Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

RE: uguestbook exploit

From: "Earnhart, Benjamin J" <benjamin-earnhart () uiowa edu>
Date: Thu, 28 Jul 2005 13:39:30 -0500
That's not a product-specific exploit or a flaw in the product.  

If somebody mis-configures their installation of it by putting the
database file in a directory accessible via the web, then getting the
database file is trivial for any package. The very first step in the
documentation for uguestbook says not to do that, see:
http://www.uapplication.com/uguestbook/doc.asp   



-----Original Message-----
From: l--s () hotmail com [mailto:l--s () hotmail com] 
Sent: Thursday, July 28, 2005 10:31 AM
To: bugtraq () securityfocus com
Subject: uguestbook exploit

hello , 

By ...... MeSa7eB

Data ...... 28/7/2005

pro ......   http://www.uapplication.com/

My web site :  http://3asfh.net/vb

My Email :  l--s () hotmail com

===============================================

exploit : 

http://xxx.com/guestbook/mdb-database/guestbook.mdb 

==================================
Previous By Date Next
Previous By Thread Next

Current thread: