Web Wiz Internet Search Engine search_engine.mdb Admin Password Disclosure

2003-09-01T00:00:00
ID OSVDB:10355
Type osvdb
Reporter Security .Net Information(snilabs@gmail.com), CyberTalon()
Modified 2003-09-01T00:00:00

Description

Vulnerability Description

Internet Search Engine contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords when the search_engine.mdb is downloaded, which may lead to a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Internet Search Engine contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords when the search_engine.mdb is downloaded, which may lead to a loss of confidentiality.

Manual Testing Notes

http://[victim]/search_engine.mdb

References:

Vendor URL: http://www.webwizguide.info/asp/sample_scripts/internet_search_engine_script.asp Security Tracker: 1011421 Secunia Advisory ID:9642 Related OSVDB ID: 10353 Related OSVDB ID: 10354