AOH :: Web :: CMS / Portals :: TB12776.HTM

ASP-CMS version 1 default password location.

ASP-CMS version 1 default password location.
ASP-CMS version 1 default password location.


ASP-CMS version 1 default password location. 

http://asp-cms.sourceforge.net/ 

A vulnerability exists within the content management system ASP-CMS that allows a remote user to see the username and password of 

the content management system itsself. the user/pass combo along with all the other settings of the application are stored in an 

MDB file in the folder mdb-database. 

Attackers can input the following into an affected site:
http://www.example.com/asp-cms/mdb-database/ASP-CMS_v100.mdb 

The fix would be to add place the file somewhere else on the filesystem out of reach of the http area.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.