That's not a product-specific exploit or a flaw in the product. If somebody mis-configures their installation of it by putting the database file in a directory accessible via the web, then getting the database file is trivial for any package. The very first step in the documentation for uguestbook says not to do that, see: http://www.uapplication.com/uguestbook/doc.asp > -----Original Message----- > From: l--s@xxxxxxxxxxx [mailto:l--s@xxxxxxxxxxx] > Sent: Thursday, July 28, 2005 10:31 AM > To: bugtraq@xxxxxxxxxxxxxxxxx > Subject: uguestbook exploit > > hello , > > By ...... MeSa7eB > > Data ...... 28/7/2005 > > pro ...... http://www.uapplication.com/ > > My web site : http://3asfh.net/vb > > My Email : l--s@xxxxxxxxxxx > > =============================================== > > exploit : > > http://xxx.com/guestbook/mdb-database/guestbook.mdb > > ================================== >
