Short Name |
HTTP:MISC:EZGUESTBOOK |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
HTMLJunction EZGuestbook Database Disclosure |
Release Date |
2005/08/08 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to access Guestbook.mdb. HTMLJunction EZGuestbook is a guestbook written in PHP. A vulnerability in the program allows an attacker to download the database with a simple browser request.
HTMLJunction EZGuestbook is prone to a database disclosure vulnerability. Remote users may download the database file 'guestbook.mdb' and gain access to sensitive information. The attacker would carry out this attack by directly requesting the database file through an HTTP GET request.