Super Guestbook superguestconfig Admin Password Disclosure

medium Nessus Plugin ID 11536

Synopsis

The remote service is prone to information disclosure.

Description

The remote server is running Super GuestBook, a set of PHP scripts to manage an interactive guestbook.

An attacker may retrieve the file /superguestconfig, which contains the password of the guestbook administrator as well as other configuration details.

Solution

Modify file permissions or access restrictions to prevent the download of superguestconfig.

See Also

http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2003-04/0161.html

Plugin Details

Severity: Medium

ID: 11536

File Name: superguestbook_config_disclosure.nasl

Version: 1.17

Type: remote

Family: CGI abuses

Published: 4/14/2003

Updated: 1/19/2021

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Vulnerability Publication Date: 4/10/2002

Reference Information

BID: 7319