Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

Novell GroupWise Web Access Multiple XSS

MULTIPLE SQL INJECTION VULNERABILITIES --Flash Quiz Beta 2-->

DDIVRT-2009-25 IPsession SQL Injection Vulnerability

[Full-disclosure] Drupal 6.12 (core) User Module XSS Vulnerability

From:	info_(at)_securitylab.ir <info_(at)_securitylab.ir>
Date:	21.05.2009
Subject:	DMXReady Registration Manager Arbitrary File Upload Vulnerability

######################### Securitylab.ir ########################
# Application Info:
# Name: DMXReady Registration Manager
# Version: 1.1
# Website: http://www.dmxready.com
#################################################################
# Discoverd By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir
#################################################################
# Vulnerability Info:
# Type: Arbitrary File Upload Vulnerability
# Risk: High
# Dork: "inc_webblogmanager.asp"
#===========================================================
# http://site.com/includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.
asp
# select file and uploaded
# view file : http://site.com/assets/webblogmanager/shell.aspx
#===========================================================
#################################################################
# Securitylab Security Research Team
###################################################################