Product: Super GuestBook Version: 1.0 OffSite: http://www.lasource.r2.ru/ Problem: Disclosing information ----------------------------------------- View file http://[target]/cgi-bin/SGB_DIR/superguestconfig and you view configuration of the Super guestbook. View "Password" field and you view password to admin access. he is don't crypt. Example: GuestBook=guestbook.txt newform=http://localhost/cgi-bin/Sgb/superguest.cgi mailprog=/usr/sbin/sendmail Password=password Title=GuestBook title fields=Rank|Your Name|Your E-mail|Homepage Url|Homepage Title|Comments Required=Your Name|Your E-mail|Comments MyEmail=overgat_private MyName=Your Name MailMe=no PermitHtml=no MultipleSign=yes banned=202.188.159.172|190.12.150.300 template=supertemplate Header=header Footer=footer Contacts: www.overg.com www.dwcgr0up.com irc.zaingandol.org #DWC ogprogat_private Best regards, Over G[DWC Gr0up]
This archive was generated by hypermail 2b30 : Thu Apr 10 2003 - 15:46:30 PDT