|
|
Family: CGI abuses : XSS --> Category: infos
MPC SoftWeb Guestbook database disclosure Vulnerability Scan
Vulnerability Scan Summary
Checks for mpcsoftware_guestdata.mdb
Detailed Explanation for this Vulnerability Test
The remote server is running MPCSoftwebGuestbook a set of .asp
scripts to manage an online guestbook.
This release comes with a database called 'mpcsoftware_guestdata.mdb',
usually located under /database/ which contains sensitive information,
such as the news site administrator password.
A possible hacker may use this flaw to gain unauthorized access to the
remote site and potentially edit it.
Note that this server is also vulnerable to a cross-site-scripting
attack which allows a possible hacker to have javascript code executed on
the browser of other hosts.
Solution : Prevent the download of .mdb files from your website.
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
