CVE-2009-0328

ROBS-PROJECTS Digital Sales IPN - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0328. PoCs published by Moudi.

AI-analyzed exploit summary This exploit discloses the path to a Microsoft Access database file (Sales.mdb) in the DS-IPN Paypal Shop application, allowing unauthorized access to sensitive data. The vulnerability is due to improper access controls on the database file.

Description

ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for Database/Sales.mdb.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Moudi · textwebappsasp

https://www.exploit-db.com/exploits/7816

View Code ZIP pw:eip

This exploit discloses the path to a Microsoft Access database file (Sales.mdb) in the DS-IPN Paypal Shop application, allowing unauthorized access to sensitive data. The vulnerability is due to improper access controls on the database file.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: DS-IPN Paypal Shop

No auth needed

Prerequisites: Network access to the target web server

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7816

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/48082

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/33602

Scores

EPSS 0.0729

EPSS Percentile 93.6%

Details

CWE

CWE-264

Status published

Products (1)

robs-projects/digital_sales_ipn _nil_

Published Jan 29, 2009

Tracked Since Feb 18, 2026