CVE-2003-1541

PlanetMoon Guestbook tr3.a - Unauthenticated Sensitive Information Exposure via Direct Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1541. PoCs published by subj.

AI-analyzed exploit summary This is a writeup describing an information disclosure vulnerability in Planetmoon Guestbook, where the password file is accessible via a direct URL. No exploit code is provided, only a description and the vulnerable path.

Description

PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt.

Exploits (1)

exploitdb WRITEUP VERIFIED

by subj · textwebappscgi

https://www.exploit-db.com/exploits/22408

View Code ZIP pw:eip

This is a writeup describing an information disclosure vulnerability in Planetmoon Guestbook, where the password file is accessible via a direct URL. No exploit code is provided, only a description and the vulnerable path.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Planetmoon Guestbook

No auth needed

Prerequisites: Knowledge of the target host and guestbook directory path

MITRE ATT&CK