MPCSoftWeb 1.0 - Database Disclosure

Author: drG4njubas
type: webapps
platform: asp
port: 
date_added: 2003-04-21 
date_updated: 2012-11-06 
verified: 1 
codes: OSVDB-54147 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/7390/info

MPCSoftWeb does not sufficiently secure the database file. It is possible for remote attackers to request the database file and gain access to sensitive information such as administrative credentials for the guestbook.

http://www.example.com/mpcsoftweb_guestbook/database/mpcsoftweb_guestdata.mdb