CVE-2004-2060

ASPRunner 2.4 - Unauthenticated Database Exposure via Predictable Filename

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2060. PoCs published by Ferruh Mavituna.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in ASPRunner versions 2.4 and prior, including SQL injection, XSS, info disclosure, and unauthorized database access. It references a SecurityFocus BID but lacks actual exploit code or technical details.

Description

ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based on table and field names.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Ferruh Mavituna · textwebappsasp

https://www.exploit-db.com/exploits/24317

View Code ZIP pw:eip

The provided text describes multiple vulnerabilities in ASPRunner versions 2.4 and prior, including SQL injection, XSS, info disclosure, and unauthorized database access. It references a SecurityFocus BID but lacks actual exploit code or technical details.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: ASPRunner <= 2.4

No auth needed

Prerequisites: knowledge of target URL structure

MITRE ATT&CK