Vulnerability Assessment & Network Security Forums



If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.




Vulnerability Assessment Details

BDPDT Arbitrary File Upload Vulnerability

Vulnerability Assessment Summary
Checks for BDPDT's uploadfilepopup.aspx

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains an ASP script that permits uploading of
arbitrary files.

Description :

The remote host contains BDPDT, a database abstraction layer used in
various add-on modules for DotNetNuke.

The installed version of BDPDT contains an ASP.NET script,
'UploadFilePopUp.aspx', that permits uploading arbitrary files. An
unauthenticated attacker can use it to gain control of the affected
host.

See also :

http://www.dotnetnuke.com/Community/Blogs/tabid/825/EntryID/422/Default.aspx
http://forums.asp.net/thread/1276672.aspx
http://www.wwwcoder.com/Default.aspx?tabid=283&EntryID=723
http://www.wwwcoder.com/Default.aspx?tabid=283&EntryID=733

Solution :

Contact the vendor for a newer version of BDPDT.

Network Security Threat Level:

Critical / CVSS Base Score : 10
(AV:R/AC:L/Au:NR/C:C/A:C/I:C/B:N)

Networks Security ID: 18522

Vulnerability Assessment Copyright: This script is Copyright (C) 2006-2007 Tenable Network Security
