Family: CGI abuses --> Category: attack
BDPDT Arbitrary File Upload Vulnerability Scan
Vulnerability Scan Summary: Checks for BDPDT's uploadfilepopup.aspx
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains an ASP script that allows uploading of
arbitrary files.
Description :
The remote host contains BDPDT, a database abstraction layer used in
various add-on modules for DotNetNuke.
The installed version of BDPDT contains an ASP.NET script,
'UploadFilePopUp.aspx', that allows an unauthenticated attacker to
upload arbitrary files and thereby gain control of the affected
host.
See also :
http://www.dotnetnuke.com/Community/Blogs/tabid/825/EntryID/422/Default.aspx
http://forums.asp.net/thread/1276672.aspx
http://www.wwwcoder.com/Default.aspx?tabid=283&EntryID=723
http://www.wwwcoder.com/Default.aspx?tabid=283&EntryID=733
Solution :
Contact the vendor for a newer version of BDPDT.
Threat Level:
Critical / CVSS Base Score : 10
(AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N)