CactuShop v6 Database Disclosure Vulnerability

vendor:

CactuShop v6

by:

LionTurk

7.5

CVSS

HIGH

Database Disclosure

200

CWE

Product Name: CactuShop v6

Affected Version From: CactuShop v6

Affected Version To: CactuShop v6

Patch Exists: No

Related CWE: N/A

CPE: a:cactusoft:cactushop_v6

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: ASP

2006

CactuShop v6 Database Disclosure Vulnerability

CactuShop v6 is vulnerable to a database disclosure vulnerability. An attacker can access the database by sending a request to the URL http://[target].com/[path]/database/cactushop6.mdb. This will allow the attacker to access the database and view sensitive information.

Mitigation:

Ensure that the database is not accessible from the web server.

Source

Exploit-DB raw data:

==============================================================================  

                      _      _       _          _      _   _  

                     / \    | |     | |        / \    | | | |  

                    / _ \   | |     | |       / _ \   | |_| |  

                   / ___ \  | |___  | |___   / ___ \  |  _  |  

                  /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|  

   

   

==============================================================================  

        [&#65533;] ~ Note : Forever RevengeHack.Com 

==============================================================================  

        [&#65533;] CactuShop v6  Database Disclosure Vulnerability  

==============================================================================  

   

    [&#65533;] Script:             [  CactuShop v6  ]  

    [&#65533;] Language:           [ ASP ]  

    [&#65533;] Download:           [ http://www.aspindir.com/Goster/3114] 

    [&#65533;] Founder:            [ LionTurk -  Bylionturk@kafam1milyon.com }

    [&#65533;] My Home:            [ RevengeHack.com ]  

    [&#65533;]N0T3    :             Yeni Ac&#65533;klar&#65533;m&#65533; Bekleyin

###########################################################################  

   

===[ Exploit And Dork  ]===  

   

  [&#65533;] http://[target].com/[path]/database/cactushop6.mdb

 


  [&#65533;] CactuShop v6 ASP Shopping Cart &#65533;1999-2006 Cactusoft International FZ-LLC & Cactusoft Ltd. All rights reserved.


  [&#65533;]   Admin Page: /_login.asp?




Author:  LionTurk <-  

Bizim Asiret: eXceptioN,CodeInside,CristaL1o,Hack3ra,eXtReMe,By_HKC,TerrorZv&#65533;ng

                 

- Ben Ne Heyk&#65533;rlar G&#65533;rd&#65533;m  site heyklicek exploiti yok.Ben Ne exploitler g&#65533;rd&#65533;m kullancak heykir yok :D

                                 


###########################################################################