UranyumSoft Ýlan Servisi Database Disclosure Vulnerability

vendor:

UranyumSoft Ýlan Servisi

by:

LionTurk

7.5

CVSS

HIGH

Database Disclosure Vulnerability

200

CWE

Product Name: UranyumSoft Ýlan Servisi

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

UranyumSoft Ýlan Servisi Database Disclosure Vulnerability

The vulnerability exists due to the application fails to properly sanitize user-supplied input passed via the 'dizin' parameter in the 'http://server/[dizin]/database/db.mdb' URL. A remote attacker can exploit this vulnerability to disclose the application's database.

Mitigation:

Input validation should be used to prevent the exploitation of this vulnerability.

Source

Exploit-DB raw data:

==============================================================================  

                      _      _       _          _      _   _  

                     / \    | |     | |        / \    | | | |  

                    / _ \   | |     | |       / _ \   | |_| |  

                   / ___ \  | |___  | |___   / ___ \  |  _  |  

                  /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|  

   

   

==============================================================================  

        [»] ~ Note : Mutlu Yillar Millettt

==============================================================================  

        [»]UranyumSoft Ýlan Servisi Database Disclosure Vulnerability  

==============================================================================  

   

    [»] Script:             [ UranyumSoft Ýlan Servisi  ]  

    [»] Language:           [ ASP ]  

    [»] Download:           [ http://aspindir.com/Goster/5420] 

    [»] Founder:            [ LionTurk -  Bylionturk@kafam1milyon.com }

    [»] My Home:            [ RevengeHack.com ]  

    [»]N0T3    :             Yeni Aciklarimi Bekleyin.


###########################################################################  

   

===[ Exploit And Dork  ]===  

   

  [»] http://server/[dizin]/database/db.mdb

 


  [»] Copyright 2008 UranyumSoft.com | Tüm haklarý saklýdýr.

  [»]   Admin Page: /yetki.asp




Author:  LionTurk <-  

Bizim Asiret: eXceptioN,CodeInside,CristaL1o,Hack3ra,eXtReMe,By_HKC,TerrorZveng

                 

- Ben Ne Heykirlar Gordum  site heyklicek exploiti yok.Ben Ne exploitler gordum kullancak heykir yok :D

                                 


###########################################################################