Guestbook tr3.a

2008.02.14

Credit: subj

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2003-1541

CWE: CWE-264

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: None

Availability impact: None

Product : Guestbook tr3.a

Version : First

WebSite : http://www.planetmoon.net

Problem : Viewing passwords file

Description:

------------

In this script passwords are in passwd.txt file

In Shrot, all who want see the passwords can make it.

Exploit:

--------

http://[somehost]/[gb_dir]/files/passwd.txt

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Guestbook tr3.a

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Guestbook tr3.a

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.