Easy News Content Management (News.mdb) Database Disclosure Vuln

2009.03.23

Credit: BeyazKurt

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2008-6493

CWE: CWE-264

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: None

Availability impact: None

#######################################################
# Author : BeyazKurt
# Contact : BeyazKurt@BSDMail.Com
# Site : www.khg-crew.ws - KOSOVA HACKERS GROUP
#
# Script : Easy Content Management Publishing
# Script Site : http://easy-news.org/content-management-terns.asp
# Description :
# An easy to use ASP-based content management news system. Mulitple login levels, news expiration dates and many more
# features. Uses MS Access database. Content management systems help increase freshness of your sites content by makeing it
# easy to update. Free license under the GPL.
#
# Exploit:
# SITE.COM/Database/News.mdb
# D0rk : "powered by easy-news.org"
#
# -------------------------------
# Mitrovica &#195;&#171;sht&#195;&#171; Kosov&#195;&#171;, Kosova &#195;&#171;sht&#195;&#171; Shqiperi - Etnic ALBANIA (H)
# Proud 2 Be MUSLIM !
# Proud 2 Be ALBANIAN !
# Boyle aciklarida yayinliyosan yuh a.g
#######################################################

References:

http://www.milw0rm.com/exploits/7340

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Easy News Content Management (News.mdb) Database Disclosure Vuln

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.