CVE-2007-1192 Information

Description

Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat.

Reference

http://downloads.securityfocus.com/vulnerabilities/exploits/22754.py http://osvdb.org/33868 http://secunia.com/advisories/24392 http://www.securityfocus.com/bid/22754