CVE-2007-1192

Thomas R. Pasawicz HyperBook Guestbook 1.30 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-1192. PoCs published by PeTrO.

AI-analyzed exploit summary This exploit targets HyperBook Guestbook v1.30 by fetching the 'gbconfiguration.dat' file, which contains the admin's MD5 hash. The script parses and displays the hash, enabling potential credential-based attacks.

Description

Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat.

Exploits (1)

exploitdb WORKING POC VERIFIED

by PeTrO · pythonremotewindows

https://www.exploit-db.com/exploits/29687

View Code ZIP pw:eip

This exploit targets HyperBook Guestbook v1.30 by fetching the 'gbconfiguration.dat' file, which contains the admin's MD5 hash. The script parses and displays the hash, enabling potential credential-based attacks.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: HyperBook Guestbook v1.30

No auth needed

Prerequisites: Target must have exposed 'gbconfiguration.dat' file

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/24392

Exploit x_refsource_misc

http://downloads.securityfocus.com/vulnerabilities/exploits/22754.py

Exploit, Vendor Advisory vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/22754

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/33868

Scores

EPSS 0.0246

EPSS Percentile 82.4%

Details

Status published

Products (1)

hyperbook/guestbook 1.30

Published Mar 02, 2007

Tracked Since Feb 18, 2026