BetaParticle (bp) is an ASP CMS (Blog + Gallery). I found 2 vulnerabilities in BetaParticle.

* http://example.com/bp is the BP path.

1) BP Database Disclosure

For version < 3.0
Database path: http://example.com/bp/database/dbBlogMX.mdb
You can download it and disclose the administrator username and password.
Solution: Move your DB outside the web root and correct the DB physical path.

---------------------------------------------------

For version >= 3.0
Database path: http://example.com/Blog.mdb
* And the BP path must be: http://example.com/bp/
You can download it and disclose the administrator username and password.
Solution: Move your DB outside the web root and correct the DB physical path.

---------------------------------------------------

2) Upload/Delete files and images without admin's password

For version <= 3.0
For uploading files go to upload.asp
http://example.com/bp/upload.asp
For deleting files go to myFiles.asp
http://example.com/bp/myFiles.asp
Solution: Use BP V 4.0