Bugtraq mailing list archives
Re: Kent's Guestbook database exploit
From: security curmudgeon <jericho () attrition org>
Date: Sat, 6 Aug 2005 00:28:44 -0400 (EDT)
: hello , : : site : http://kentldyer.com/guestbook/default.asp The site runs a guestbook but.. follow: http://kentldyer.com/ 'guestbook' on upper right bar http://kentldyer.com/guestbook/ (open directory) http://kentldyer.com/guestbook/readme.txt Guestbook by Kathi O'Shea http://www.attitude.com/users/kathi/asp (ASP Tutorial Site) http://www.web-savant.com (business site) kathi () attitude com (support & comments) info () web-savant com (design and customization) Guestbook Instructions IMPORTANT!! This guestbook will only work on an ASP-enabled site, and you must have script permissions on the directory where the ASP scripts are located. This script will not work on GeoCities, AOL, or most (if not all) of the free homepage sites. If you're not sure if your site is ASP-enabled, contact your system administrator. 1. Files contained in this distribution README.TXT (this file) Guestbook.mdb sign.asp administration.asp default.asp [..] That open directory has Guestbook.mdb *and* Guestbook1.mdb for some reason. Either way, this doesn't look like "Kent's Guestbook" as a product/vendor, rather probably Kathi O'Shea Guestbook.
Current thread:
- Re: Kent's Guestbook database exploit security curmudgeon (Aug 09)