id: mdb-database-file info: name: MDB database file leakage author: pdteam severity: medium reference: - https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/07-Input_Validation_Testing/05.5-Testing_for_MS_Access.html tags: fuzz,mdb,asp requests: - raw: - | GET {{mdbPaths}} HTTP/1.1 Host: {{Hostname}} Origin: {{BaseURL}} Accept-Language: en-US,en;q=0.9 payloads: mdbPaths: helpers/wordlists/mdb-paths.txt threads: 50 max-size: 500 # Size in bytes - Max Size to read from server response stop-at-first-match: true matchers-condition: and matchers: - type: binary binary: - "000100005374616E64617264204A657420444200" # mdb part: body - type: word words: - "application/x-msaccess" part: header - type: status status: - 200