[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: uguestbook exploit

To: <l--s@xxxxxxxxxxx>, <bugtraq@xxxxxxxxxxxxxxxxx>
Subject: RE: uguestbook exploit
From: "Earnhart, Benjamin J" <benjamin-earnhart@xxxxxxxxx>
Date: Thu, 28 Jul 2005 13:39:30 -0500

That's not a product-specific exploit or a flaw in the product.  

If somebody mis-configures their installation of it by putting the
database file in a directory accessible via the web, then getting the
database file is trivial for any package. The very first step in the
documentation for uguestbook says not to do that, see:
http://www.uapplication.com/uguestbook/doc.asp   


> -----Original Message-----
> From: l--s@xxxxxxxxxxx [mailto:l--s@xxxxxxxxxxx] 
> Sent: Thursday, July 28, 2005 10:31 AM
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: uguestbook exploit
> 
> hello , 
> 
> By ...... MeSa7eB
> 
> Data ...... 28/7/2005
> 
> pro ......   http://www.uapplication.com/
> 
> My web site :  http://3asfh.net/vb
> 
> My Email :  l--s@xxxxxxxxxxx
> 
> ===============================================
> 
> exploit : 
> 
> http://xxx.com/guestbook/mdb-database/guestbook.mdb 
> 
> ==================================
>

Prev by Date: ICMP attacks against TCP: Conclusions
Next by Date: Re: [BugTraq] Peter Gutmann data deletion theaory?
Previous by thread: Re: ICMP attacks against TCP: Conclusions
Next by thread: Re: uguestbook exploit
Index(es):
- Date
- Thread