BID:25652

CS-Guestbook Login Credentials Information Disclosure Vulnerability

Info

CS-Guestbook Login Credentials Information Disclosure Vulnerability

Bugtraq ID:	25652
Class:	Design Error
CVE:	CVE-2007-4937
Remote:	Yes
Local:	No
Published:	Sep 12 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	Cr@zy_King is credited with the discovery of this vulnerability.
Vulnerable:	ComScripts TEAM CS-Guestbook 0.1

Not Vulnerable:

Discussion

CS-Guestbook Login Credentials Information Disclosure Vulnerability

CS-Guestbook is prone to an information-disclosure vulnerability because the application fails to properly protect sensitive information.

An attacker can exploit this issue to access sensitive information that may lead to further attacks.

Exploit / POC

CS-Guestbook Login Credentials Information Disclosure Vulnerability

An attacker can use a browser to exploit this issue.

The following proof-of-concept URI is available:

http://www.example.com/guest/base/usr/0.php

Solution / Fix

CS-Guestbook Login Credentials Information Disclosure Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

CS-Guestbook Login Credentials Information Disclosure Vulnerability

References:

CS-Guestbook Homepage (ComScripts TEAM)
CS Guestbook Admin Name & Md5 Security Vuln ([email protected])