Planetmoon - Guestbook Clear Text Password Retrieval

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1107252 漏洞类型
发布时间 2003-03-21 更新时间 2003-03-21
CVE编号 CVE-2003-1541 CNNVD-ID N/A
漏洞平台 CGI CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/22408
https://cxsecurity.com/issue/WLB-2008020055
|漏洞详情
This vulnerability has been modified since it was last analyzed by the NVD. It is awaiting reanalysis which may result in further changes to the information provided.
|漏洞EXP
source: http://www.securityfocus.com/bid/7167/info

A vulnerability has been reported in Planetmoon Guestbook. It has been reported that remote users may be able to retrieve clear text password lists. Access to this data may allow an attacker to carry out further attacks against a target user.

http://[somehost]/[gb_dir]/files/passwd.txt
|参考资料
resource:
hyperlink:http://securityreason.com/securityalert/3653
resource:Exploit
hyperlink:http://www.securityfocus.com/archive/1/archive/1/315895/30/25400/threaded
resource:
hyperlink:http://www.securityfocus.com/bid/7167
resource:
hyperlink:http://www.securitytracker.com/id?1006360
resource:
hyperlink:https://exchange.xforce.ibmcloud.com/vulnerabilities/11609