OSVDB ID: 10355

Title: Web Wiz Internet Search Engine search_engine.mdb Admin Password Disclosure

Info

Disclosure

Sep 01, 2003

Discovery

Unknown

Dates

Exploit

Sep 26, 2004

Solution

Unknown

Description

Internet Search Engine contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords when the search_engine.mdb is downloaded, which may lead to a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Web Wiz

Internet Search Engine

3.2

References

Security Tracker: 1011421
Related OSVDB ID: 10353 10354
Secunia Advisory ID: 9642
Vendor URL: http://www.webwizguide.info/asp/sample_scripts/internet_search_engine_script.asp

Credit

CyberTalon -
Security .Net Information - snilabsgmail.com -

Direct URL: http://osvdb.org/36218