HTTP: HTMLJunction EZGuestbook Database Disclosure
This signature detects attempts to access Guestbook.mdb. HTMLJunction EZGuestbook is a guestbook written in PHP. A vulnerability in the program allows an attacker to download the database with a simple browser request.
Extended Description
HTMLJunction EZGuestbook is prone to a database disclosure vulnerability. Remote users may download the database file 'guestbook.mdb' and gain access to sensitive information. The attacker would carry out this attack by directly requesting the database file through an HTTP GET request.
Affected Products
Htmljunction ezguestbook
References
BugTraq: 13543
CVE: CVE-2005-1660
URL: http://www.net-security.org/vulnerability.php?id=16444 http://www.securitytracker.com/alerts/2005/May/1013912.html
Short Name
HTTP:MISC:EZGUESTBOOK
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
CVE-2005-1660 Database Disclosure EZGuestbook HTMLJunction bid:13543
Release Date
08/08/2005
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3375
False Positive
Unknown
Vendors
Htmljunction
CVSS Score
7.5