Vulnerabilities > CVE-2007-1192 - Information Disclosure vulnerability in Hyperbook Guestbook 1.30

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
hyperbook
exploit available
NVD
Published: 2007-03-02
Updated: 2008-11-15

Summary

Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat.

Vulnerable Configurations

Part Description Count
Application
Hyperbook
1

Exploit-Db

descriptionHyperBook Guestbook 1.3 GBConfiguration.DAT Hashed Password Information Disclosure Vulnerability. CVE-2007-1192. Remote exploit for windows platform
idEDB-ID:29687
last seen2016-02-03
modified2007-02-28
published2007-02-28
reporterPeTrO
sourcehttps://www.exploit-db.com/download/29687/
titleHyperBook Guestbook 1.3 GBConfiguration.DAT Hashed Password Information Disclosure Vulnerability

References