Computer Security

Security Advisory: ASP-CMS version 1 default password location.
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  New Advisory:  X-script GuestBook

  phpBB Mod OpenID 0.2.0 BBStore.php Remote File Inclusion

  eGov Content Manager Cross Site Scripting Vulrnability

  ASP Product catalog SQL injection vulnerability

From:joseph.giron13_(at)_gmail.com <joseph.giron13_(at)_gmail.com>
Date:02.10.2007
Subject:ASP-CMS version 1 default password location.

ASP-CMS version 1 default password location.

http://asp-cms.sourceforge.net/

A vulnerability exists within the content management system ASP-CMS that allows a remote user to see the username and password of

the content management system itsself. the user/pass combo along with all the other settings of the application are stored in an

MDB file in the folder mdb-database.

Attackers can input the following into an affected site:
http://www.example.com/asp-cms/mdb-database/ASP-CMS_v100.mdb

The fix would be to add place the file somewhere else on the filesystem out of reach of the http area.
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server