[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

2 vulnerabilities in BetaParticle

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: 2 vulnerabilities in BetaParticle
From: farhad koosha <farhadkey@xxxxxxxxx>
Date: 20 Mar 2005 06:34:43 -0000


BetaParticle (bp) is a ASP CMS ( Blog + Gallery ).
I found 2 vulnerabilities in BetaParticle.

* http://example.com/bp : is BP path !

1) BP Database Disclosure

For version < 3.0

Database path : http://example.com/bp/database/dbBlogMX.mdb

you can download it and disclose the administrator username and password .

Solution :
Move your DB to outside the web root and correct DB physical path .
---------------------------------------------------

For version >= 3.0

Database path : http://example.com/Blog.mdb
*And BP path must be : http://example.com/bp/

you can download it and disclose the administrator username and password .

Solution :
Move your DB to outside the web root and correct DB physical path .
---------------------------------------------------

2) Upload/Delete files and images without admin's password

For version =< 3.0

For uploading files go to upload.asp
http://example.com/bp/upload.asp

For deleting files go to myFiles.asp
http://example.com/bp/myFiles.asp

Solution :
Using BP V 4.0

Prev by Date: [CLA-2005:940] Conectiva Security Announcement - curl
Next by Date: TSL-2005-0009 - multi
Previous by thread: [CLA-2005:940] Conectiva Security Announcement - curl
Next by thread: TSL-2005-0009 - multi
Index(es):
- Date
- Thread