HTMLJunction EZGuestbook Guestbook.mdb Database Disclosure Vulnerability

info
discussion
exploit
solution
references

HTMLJunction EZGuestbook Guestbook.mdb Database Disclosure Vulnerability

HTMLJunction EZGuestbook is prone to a database disclosure vulnerability. Remote users may download the database file 'guestbook.mdb' and gain access to sensitive information. The attacker would carry out this attack by directly requesting the database file through an HTTP GET request.