
Super Guestbook superguestconfig Admin Password Disclosure

Medium

Synopsis

The remote host is running SuperGuestBook, a set of PHP scripts designed to manage an interactive guestbook.

Description

The remote host is running SuperGuestBook, a set of PHP scripts designed to manage an interactive guestbook. A flaw in this version may allow an attacker to retrieve the setup's configuration file, which contains the administrator's password.

Solution

Restrict remote access to the 'superguestconfig' file.