DMXReady Registration Manager Arbitrary File Upload Vulnerability

vendor:

Registration Manager

by:

Securitylab.ir

7,5

CVSS

HIGH

Arbitrary File Upload Vulnerability

434

CWE

Product Name: Registration Manager

Affected Version From: 1.1

Affected Version To: 1.1

Patch Exists: YES

Related CWE: N/A

CPE: a:dmxready:registration_manager:1.1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

DMXReady Registration Manager Arbitrary File Upload Vulnerability

A vulnerability in DMXReady Registration Manager version 1.1 allows an attacker to upload arbitrary files to the server. This can be exploited to execute arbitrary code by uploading a malicious file. The vulnerability exists in the assetmanager.asp file, which is used to upload files. An attacker can exploit this vulnerability by selecting a malicious file and uploading it to the server. The malicious file can then be accessed at http://site.com/assets/webblogmanager/shell.aspx.

Mitigation:

Upgrade to the latest version of DMXReady Registration Manager.

Source

Exploit-DB raw data:

######################### Securitylab.ir ########################
# Application Info:
# Name: DMXReady Registration Manager
# Version: 1.1
# Website: http://www.dmxready.com
#################################################################
# Discoverd By: Securitylab.ir
# Website: http://securitylab.ir
# Contacts: admin[at]securitylab.ir & info@securitylab[dot]ir
#################################################################
# Vulnerability Info:
# Type: Arbitrary File Upload Vulnerability
# Risk: High
# Dork: "inc_webblogmanager.asp"
#===========================================================
# http://site.com/includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp
# select file and uploaded
# view file : http://site.com/assets/webblogmanager/shell.aspx
#===========================================================
#################################################################
# Securitylab Security Research Team
###################################################################

# milw0rm.com [2009-05-20]