BP Blog V6.0 & V7.0 & V8.0 & V9.0 Database Disclosure Vulnerability

vendor:

BP Blog

by:

Dxil

7.5

CVSS

HIGH

Database Disclosure

200

CWE

Product Name: BP Blog

Affected Version From: 6

Affected Version To: 9

Patch Exists: Yes

Related CWE: N/A

CPE: a:betaparticle:bp_blog

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

BP Blog V6.0 & V7.0 & V8.0 & V9.0 Database Disclosure Vulnerability

BP Blog versions 6.0, 7.0, 8.0, and 9.0 are vulnerable to a database disclosure vulnerability. An attacker can access the database by sending a request to the vulnerable URL, which is in the form of www.site.com/{path}/Blog.mdb. The vulnerable versions are V6.0, V7.0, V8.0, and V9.0.

Mitigation:

The vendor should ensure that the database is not accessible from the web server.

Source

Exploit-DB raw data:

BP Blog V6.0 & V7.0 & V8.0 & V9.0 Database Disclosure Vulnerability
##############################

# {I} BP Blog V6.0 & V7.0 & V8.0 & V9.0
# {I} Script Website :  http://blog.betaparticle.com/
# {I} Found by  :  Dxil
# {I} Contact :  z1cx@hotmail.com
##############################

# {D} "powered by BP Blog 7.0"  or  "powered by BP Blog 8.0"

##############################

## {E} www.site.com/{path}/Blog.mdb

## {E}
   V6.0 -->> www.students.net/blog/Blog.mdb
   V7.0 -->> www.igpoty.com/blog/Blog.mdb
   V8.0 -->> www.keune.org/blog/Blog.mdb
   V9.0 -->> www.itsallaboutasfc.com/blog/Blog.mdb
##############################

### {G} V4-team <--> Mr.SaFa7 & Ghost Hacker ,,,,   S.V.T <--> Reno :D

# milw0rm.com [2008-12-17]