StatCounteX 3.1 Multiple Vulnerabilities

vendor:

StatCounteX

by:

Phenom

8,8

CVSS

HIGH

Database Disclosure Vulnerability, Remote Admin Access Vulnerability

200, 264

CWE

Product Name: StatCounteX

Affected Version From: 3.1

Affected Version To: 3.1

Patch Exists: NO

Related CWE: N/A

CPE: 2enetworx:statcountex

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP3

2020

StatCounteX 3.1 Multiple Vulnerabilities

The vulnerability allows an attacker to access the stats.mdb database and gain remote admin access by visiting the admin.asp page.

Mitigation:

Ensure that the stats.mdb file is not accessible from the web server and that the admin.asp page is not accessible to unauthorized users.

Source

Exploit-DB raw data:

# Software Link: http://www.2enetworx.com/dev/projects/download.asp?pid=4&rid=34
# Version: 3.1
# Tested on: Windows xp sp3

------------------------------------------------------

 _____  _                                
|  __ \| |                               
| |__) | |__   ___ _ __   ___  _ __ ___  
|  ___/| '_ \ / _ \ '_ \ / _/\| '_ ` _ \ 
| |    | | | |  __/ | | | (_) | | | | | |
|_|    |_| |_|\___|_| |_|\/__/|_| |_| |_|


------------------------------------------------------

###########        StatCounteX 3.1 Multiple Vulnerabilities          ############
#
#       Author : Phenom
#
#       app version : 3.1
#
#################################################################################

####### Exploit #################################################################
#
#    1 - Database Disclosure Vulnerability
#
#        http://site.com/path/stats.mdb
#
#    2 - Remote Admin Access Vulnerability
#
#        http://site.com/path/admin.asp
#
#        here you can edit tables and configuration
#
#################################################################################