MPCSoftWeb 1.0 - Database Disclosure

EDB-ID:

22513

CVE:





Platform:

ASP

Date:

2003-04-21


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

source: https://www.securityfocus.com/bid/7390/info

MPCSoftWeb does not sufficiently secure the database file. It is possible for remote attackers to request the database file and gain access to sensitive information such as administrative credentials for the guestbook. 

http://www.example.com/mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb