Vulnerability ID 10180

Thomas R. Pasawicz HyperBook Guestbook 1.30 Password Database data/gbconfiguration.dat HTTP GET Request information disclosure

CVSSv3 Temp ScoreCurrent Exploit Price (≈)
5.2$0-$1k

A vulnerability classified as problematic was found in Thomas R. Pasawicz HyperBook Guestbook 1.30. This vulnerability affects an unknown function of the file data/gbconfiguration.dat of the component Password Database. The manipulation as part of a HTTP GET Request leads to a information disclosure vulnerability (hash). As an impact it is known to affect confidentiality. CVE summarizes:

Thomas R. Pasawicz HyperBook Guestbook 1.30 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download an admin password hash via a direct request for data/gbconfiguration.dat.

The weakness was published 02/28/2007 by Serkan By as HyperBook Guestbook GBConfiguration.DAT Hashed Password Information Disclosure Vulnerability as confirmed posting (SecurityFocus). The advisory is shared for download at securityfocus.com. The public release happened without coordination with the vendor. This vulnerability was named CVE-2007-1192 since 03/02/2007. The attack can be initiated remotely. No form of authentication is required for a successful exploitation. Technical details and also a public exploit are known. The current price for an exploit might be approx. USD $0-$1k. This vulnerability has a historic impact due to its background and reception.

A public exploit has been developed by PeTrO in Python and been published immediately after the advisory. It is declared as highly functional. It is possible to download the exploit at securityfocus.com. As 0-day the estimated underground price was around $5k-$10k.

It is possible to mitigate the problem by adding as an authentication mechanism.

The vulnerability is also documented in the databases at SecurityFocus (BID 22754) and Secunia (SA24392).

CVSSv3

Base Score: 5.3 [?]
Temp Score: 5.2 [?]
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:H/RL:W/RC:C [?]
Reliability: High

CVSSv2

Base Score: 5.0 (CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N) [?]
Temp Score: 4.8 (CVSS2#E:H/RL:W/RC:C) [?]
Reliability: High

AVACAuCIA
LHMNNN
AMSPPP
NLNCCC
VectorComplexityAuthenticationConfidentialityIntegrityAvailability
LocalHighMultipleNoneNoneNone
AdjacentMediumSinglePartialPartialPartial
NetworkLowNoneCompleteCompleteComplete

CPE

Exploiting

Class: Information disclosure
Local: No
Remote: Yes

Availability: Yes
Access: Public
Status: Highly functional
Reliability: 99%
Programming Language: Python
Author: PeTrO
Download: securityfocus.com

Current Price Estimation: $5k-$10k (0-day) / $0-$1k (Today)

0-Day$0-$1k$1k-$2k$2k-$5k$5k-$10k$10k-$25k$25k-$50k$50k-$100k$100k-$500k
Today$0-$1k$1k-$2k$2k-$5k$5k-$10k$10k-$25k$25k-$50k$50k-$100k$100k-$500k

Countermeasures

Recommended: Authentication
Status: Workaround
0-Day Time: 0 days since found
Exploit Delay Time: 0 days since known

Timeline

02/28/2007 Advisory disclosed
02/28/2007 +0 days Exploit disclosed
02/28/2007 +0 days SecurityFocus entry assigned
03/02/2007 +2 days CVE assigned
03/02/2007 +0 days NVD disclosed
03/06/2007 +4 days Secunia entry created
03/06/2007 +0 days OSVDB entry created
09/10/2013 +2379 days VulDB entry created
08/23/2016 +1078 days VulDB last update

Sources

Advisory: HyperBook Guestbook GBConfiguration.DAT Hashed Password Information Disclosure Vulnerability
Researcher: Serkan By
Status: Confirmed

CVE: CVE-2007-1192 (mitre.org) (nvd.nist.org) (cvedetails.com)

SecurityFocus: 22754 - HyperBook Guestbook GBConfiguration.DAT Hashed Password Information Disclosure Vulnerability
Secunia: 24392 - HyperBook Guestbook "data/gbconfiguration.dat" Information Disclosure, Moderately Critical
OSVDB: 33868 - HyperBook Guestbook data/gbconfiguration.dat Direct Request Information Disclosure

Entry

Created: 09/10/2013
Updated: 08/23/2016
Entry: 89.4% complete