NewsTraXor Remote Database Disclosure Vulnerability
BID:10194
Info
NewsTraXor Remote Database Disclosure Vulnerability
| Bugtraq ID: | 10194 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 22 2004 12:00AM |
| Updated: | Apr 22 2004 12:00AM |
| Credit: | Discovery of this issue is credited to CyberTal0n. |
| Vulnerable: |
NewsTraXor Website Management Script 2.9 beta |
| Not Vulnerable: | |
Discussion
NewsTraXor Remote Database Disclosure Vulnerability
Reportedly NewsTraXor is affected by a remote database disclosure vulnerability. This issue is due to a design error that allows the database file to be globally readable.
This issue may allow a remote attacker to gain unauthorized administrative access to the affected web application.
Reportedly NewsTraXor is affected by a remote database disclosure vulnerability. This issue is due to a design error that allows the database file to be globally readable.
This issue may allow a remote attacker to gain unauthorized administrative access to the affected web application.
Exploit / POC
NewsTraXor Remote Database Disclosure Vulnerability
No exploit is required to leverage this issue. The following proof of concept has been provided:
www.example.com/news/Dbase/nTrax.mdb
No exploit is required to leverage this issue. The following proof of concept has been provided:
www.example.com/news/Dbase/nTrax.mdb
Solution / Fix
NewsTraXor Remote Database Disclosure Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.