Signature Detail

Short Name	HTTP:MISC:EZGUESTBOOK
Severity	Medium
Recommended	No
Category	HTTP
Keywords	HTMLJunction EZGuestbook Database Disclosure
Release Date	2005/08/08
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: HTMLJunction EZGuestbook Database Disclosure

This signature detects attempts to access Guestbook.mdb. HTMLJunction EZGuestbook is a guestbook written in PHP. A vulnerability in the program allows an attacker to download the database with a simple browser request.

Extended Description

HTMLJunction EZGuestbook is prone to a database disclosure vulnerability. Remote users may download the database file 'guestbook.mdb' and gain access to sensitive information. The attacker would carry out this attack by directly requesting the database file through an HTTP GET request.

Affected Products

HTMLJunction EZGuestbook

References

BugTraq: 13543
CVE: CVE-2005-1660
URL: http://www.net-security.org/vulnerability.php?id=16444
URL: http://www.securitytracker.com/alerts/2005/May/1013912.html

Signature Detail

Short Name

Severity

Recommended

Category

Keywords

Release Date

Update Number

Supported Platforms

HTTP: HTMLJunction EZGuestbook Database Disclosure

Extended Description

Affected Products

References