Betaparticle Blog Multiple Remote Vulnerabilities

Vulnerability ID: 1108555
Vulnerability type:
Published: 2005-03-21
Updated: 2009-02-06
CVE ID: CVE-2005-0853
CNNVD-ID: CNNVD-200505-639
Platform: ASP
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/25252
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-639
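|Vulnerability details
betaparticle blog (bpblog) stores its database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb in versions before 3.0, or (2) Blog.mdb in version 3.0 and later. NOTE: it was later reported that vector 2 also affects versions 6.0 through 9.0.
|Exploit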
source: http://www.securityfocus.com/bid/12861/info

betaparticle blog is reported prone to multiple vulnerabilities. The following individual issues are reported:

It is reported that betaparticle blog fails to sufficiently secure the authentication credential database. A remote attacker may exploit this vulnerability to download and disclose the contents of the credential database.

This issue is reported to affect betaparticle blog prior to and including version 3.0.

It is reported that several betaparticle blog scripts may be accessed by a remote unauthenticated attacker and may be employed to upload and delete arbitrary Web server accessible files. A remote attacker may leverage these scripts to deny service for legitimate users or potentially compromise a target computer.

It is reported that these scripts may be leveraged on betaparticle blog versions up to and including version 3.0. 

http://www.example.com/bp/database/dbBlogMX.mdb
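
A defender-side check for the direct-request disclosure described above, as an added example that is not part of the original advisory: it scans W3C extended-format web server log text for GET requests that actually returned an .mdb file. The log lines, client addresses and the directory used for Blog.mdb are constructed sample data, and `find_db_downloads` is a hypothetical helper name.

```python
# Added example: flag served Access database files in W3C extended-format logs.
# SAMPLE_LOG is constructed for illustration; it is not taken from a real server.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status sc-bytes
2005-03-22 10:01:07 192.0.2.10 GET /bp/default.asp - 200 5120
2005-03-22 10:01:09 192.0.2.44 GET /bp/database/dbBlogMX.mdb - 200 413696
2005-03-22 10:02:30 192.0.2.44 GET /bp/database/Blog.mdb - 404 1795
2005-03-22 10:03:12 198.51.100.7 GET /bp/Database/DBBLOGMX.MDB - 206 65536
2005-03-22 10:04:00 198.51.100.7 HEAD /bp/database/dbBlogMX.mdb - 200 0
"""

DB_EXTENSIONS = (".mdb",)   # database file types that must never be served
SERVED = {"200", "206"}     # full or partial content was returned


def find_db_downloads(log_text):
    """Return (date, time, client, path, status, bytes) for served database files."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # The column layout is declared in the log and may change mid-file.
            fields = line.split()[1:]
            continue
        if not line or line.startswith("#") or not fields:
            continue
        values = line.split()
        if len(values) != len(fields):
            continue  # malformed or truncated record
        rec = dict(zip(fields, values))
        stem = rec.get("cs-uri-stem", "")
        # Windows paths are case-insensitive, so compare the extension in lowercase.
        if (stem.lower().endswith(DB_EXTENSIONS)
                and rec.get("cs-method") == "GET"
                and rec.get("sc-status") in SERVED):
            hits.append((rec.get("date"), rec.get("time"), rec.get("c-ip"),
                         stem, rec.get("sc-status"), rec.get("sc-bytes")))
    return hits


if __name__ == "__main__":
    for hit in find_db_downloads(SAMPLE_LOG):
        print("database file served:", *hit)
```

Any hit means the database was readable over HTTP; moving the file outside the web root or denying the extension at the server removes the exposure.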
|References

Source: XF
Name: betaparticle-web-root-information-disclosure(19779)
Link: http://xforce.iss.net/xforce/xfdb/19779
Source: SECUNIA
Name: 14668
Link: http://secunia.com/advisories/14668
Source: XF
Name: bpblog-blog-info-disclosure(47419)
Link: http://xforce.iss.net/xforce/xfdb/47419
Source: BID
Name: 12861
Link: http://www.securityfocus.com/bid/12861
Source: MILW0RM
Name: 7499
Link: http://www.milw0rm.com/exploits/7499
Source: SECUNIA
Name: 33233
Link: http://secunia.com/advisories/33233