DMXReady Registration Manager 1.1 - Arbitrary File Upload

EKU-ID: 16554	CVE: OSVDB-55430;CVE-2009-2238	OSVDB-ID:
Author: Securitylab.ir	Published: 2009-05-20	Verified:
Download:

Rating

☆☆☆☆☆

######################### Securitylab.ir ########################
# Application Info:
# Name: DMXReady Registration Manager
# Version: 1.1
# Website: http://www.dmxready.com
#################################################################
# Discoverd By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir
#################################################################
# Vulnerability Info:
# Type: Arbitrary File Upload Vulnerability
# Risk: High
# Dork: "inc_webblogmanager.asp"
#===========================================================
# http://site.com/includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp
# select file and uploaded
# view file : http://site.com/assets/webblogmanager/shell.aspx
#===========================================================
#################################################################
# Securitylab Security Research Team
###################################################################

# milw0rm.com [2009-05-20]