This is a technical writeup describing an information disclosure vulnerability in Vcalendar_asp, where the database file (VCalendar.mdb) is exposed and can be downloaded to extract admin credentials. The exploit involves accessing the MDB file directly via a predictable path and reading the 'users' table.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target:Vcalendar_asp
No auth needed
Prerequisites:Access to the target web server · Predictable path to the MDB file