PHP-Gastebuch 1.60 - Information Disclosure

EDB-ID:

22953

CVE:

N/A




Platform:

PHP

Date:

2003-07-24


source: https://www.securityfocus.com/bid/8270/info

PHP-Gastebuch has been reported prone to multiple information disclosure vulnerabilities. The issue presents itself because the affected software fails to sufficiently control access to sensitive files contained in the PHP-Gastebuch installation.

It has been reported that an attacker may make a request for several sensitive PHP-Gastebuch files, and in doing so reveal potentially sensitive information including administrative MD5 password hashes.

Information collected in this way may be used to mount further attacks against the affected system.

http://www.example.com/guestbook/guestbookdat 
http://www.example.com/guestbook/pwd