##########################www.BugReport.ir######################################## # # AmnPardaz Security Research Team # # Title: SASPCMS Multiple Vulnerabilities # Vendor: http://www.lgasoft.com # Vulnerable Version: 0.9 (prior versions also may be affected) # Exploitation: Remote with browser # Fix: N/A ################################################################################### #################### - Description: #################### SASPCMS is an ASP Content Management System . SASPCMS witch uses MSSQL & Microsoft Access as backend database. #################### - Vulnerability: #################### +-->Authentication Bypass POC: ' or ''=' http://[URL]/saspcms/admin/default.asp +-->Database Information Disclosure POC: http://[URL]/saspcms/db/menu.mdb +-->Cross Site Scripting (XSS). Reflected XSS attack in "default.asp" in "q" parameter. POC: http://[URL]/saspcms/default.asp?q= #################### - PoC: #################### It's possible for remote attackers to upload arbitrary files by using FCKEditor after login to admin area.
SASPCMS Remote File Upload