10 lines
No EOL
688 B
Text
10 lines
No EOL
688 B
Text
source: https://www.securityfocus.com/bid/8270/info
|
|
|
|
PHP-Gastebuch has been reported prone to multiple information disclosure vulnerabilities. The issue presents itself because the affected software fails to sufficiently control access to sensitive files contained in the PHP-Gastebuch installation.
|
|
|
|
It has been reported that an attacker may make a request for several sensitive PHP-Gastebuch files, and in doing so reveal potentially sensitive information including administrative MD5 password hashes.
|
|
|
|
Information collected in this way may be used to mount further attacks against the affected system.
|
|
|
|
http://www.example.com/guestbook/guestbookdat
|
|
http://www.example.com/guestbook/pwd |