Bugtraq mailing list archives
RE: uguestbook exploit
From: "Earnhart, Benjamin J" <benjamin-earnhart () uiowa edu>
Date: Thu, 28 Jul 2005 13:39:30 -0500
That's not a product-specific exploit or a flaw in the product. If somebody mis-configures their installation of it by putting the database file in a directory accessible via the web, then getting the database file is trivial for any package. The very first step in the documentation for uguestbook says not to do that, see: http://www.uapplication.com/uguestbook/doc.asp
-----Original Message----- From: l--s () hotmail com [mailto:l--s () hotmail com] Sent: Thursday, July 28, 2005 10:31 AM To: bugtraq () securityfocus com Subject: uguestbook exploit hello , By ...... MeSa7eB Data ...... 28/7/2005 pro ...... http://www.uapplication.com/ My web site : http://3asfh.net/vb My Email : l--s () hotmail com =============================================== exploit : http://xxx.com/guestbook/mdb-database/guestbook.mdb ==================================
Current thread:
- RE: uguestbook exploit Earnhart, Benjamin J (Aug 01)
- <Possible follow-ups>
- Re: uguestbook exploit security curmudgeon (Aug 05)