Vulnerability Scanning Solutions, LLC.
Home
Our Process
Residential
Corporate
What We Scan For
Sample Report
Client List
Terms
Contact Us
What We Scan For
Family: CGI abuses --> Category: attack

BDPDT Arbitrary File Upload Vulnerabily Vulnerability Scan


Vulnerability Scan Summary
Checks for BDPDT's uploadfilepopup.aspx

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains an ASP script that allows uploading of
arbitrary files.

Description :

The remote host contains BDPDT, a database abstraction layer used in
various add-on modules for DotNetNuke.

The installed version of the BDPDT contains an ASP.NET script that
allows an unauthenticated attacker to gain control of the affected
host by allowing uploading arbitrary files with the
'UploadFilePopUp.aspx' script.

See also :

http://www.dotnetnuke.com/Community/Blogs/tabid/825/EntryID/422/Default.aspx
http://forums.asp.net/thread/1276672.aspx
http://www.wwwcoder.com/Default.aspx?tabid=283&EntryID=723
http://www.wwwcoder.com/Default.aspx?tabid=283&EntryID=733

Solution :

Contact the vendor for a newer version of BDPDT.

Threat Level:

Critical / CVSS Base Score : 10
(AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N)

Click HERE for more information and discussions on this network vulnerability scan.

VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.