SecurityTracker.com
SecurityTracker Archives

Category:   Application (Forum/Board/Portal)  >   betaparticle blog Vendors:   betaparticle.com
betaparticle blog Discloses Database to Remote Users and Lets Remote Users Upload/Delete Arbitrary Files
SecurityTracker Alert ID:  1013510
SecurityTracker URL:  http://securitytracker.com/id/1013510
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Mar 22 2005
Impact:   Disclosure of authentication information, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): prior to 4.0
Description:   Two vulnerabilities were reported in betaparticle blog. A remote user can download the underlying database, and a remote user can upload and delete arbitrary files without authenticating.

A remote user can directly access the underlying database with the following type of URLs:

http://[target]/bp/database/dbBlogMX.mdb
http://[target]/Blog.mdb

The database includes the administrator's username and password.

A remote user can upload arbitrary files using the following URL:

http://[target]/bp/upload.asp

A remote user can delete arbitrary files using the following URL:

http://[target]/bp/myFiles.asp

Farhad Koosha reported this vulnerability.

Impact:   A remote user can access the underlying database, which includes the administrator's username and password.

A remote user can upload and delete arbitrary files.

Solution:   The vendor has issued a fixed version (4.0), available at:

http://www.betaparticle.com/blog/index.html

Vendor URL:  www.betaparticle.com/blog/index.html
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   None.


Source Message Contents

Subject:  2 vulnerabilities in BetaParticle

BetaParticle (bp) is an ASP CMS (Blog + Gallery).
I found 2 vulnerabilities in BetaParticle.

* http://example.com/bp is the BP path.

1) BP Database Disclosure

For version < 3.0

Database path : http://example.com/bp/database/dbBlogMX.mdb

You can download it and disclose the administrator username and password.

Solution:
Move your DB outside the web root and correct the DB physical path.
---------------------------------------------------

For version >= 3.0

Database path : http://example.com/Blog.mdb
* And the BP path must be: http://example.com/bp/

You can download it and disclose the administrator username and password.

Solution:
Move your DB outside the web root and correct the DB physical path.
---------------------------------------------------

2) Upload/Delete files and images without admin's password

For version <= 3.0

For uploading files, go to upload.asp:
http://example.com/bp/upload.asp

For deleting files, go to myFiles.asp:
http://example.com/bp/myFiles.asp

Solution:
Use BP v4.0
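A defender reviewing an IIS server that hosts BetaParticle would want to know whether the paths named in this advisory were ever reached. The following added example (not part of the advisory or of BetaParticle itself) scans IIS W3C-style log lines for successful downloads of the .mdb database files, failed probes for them, and hits on upload.asp and myFiles.asp; the log lines, IP addresses and field layout are constructed for illustration, and the admin's own legitimate use of the file-manager pages will also match, so those hits are review items rather than proof of compromise.

```python
import re
from urllib.parse import unquote

# Constructed sample IIS W3C log lines (not taken from the advisory).
# Assumed field layout: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2005-03-22 10:01:12 198.51.100.7 GET /bp/index.asp - 200
2005-03-22 10:02:45 198.51.100.7 GET /bp/database/dbBlogMX.mdb - 200
2005-03-22 10:03:01 203.0.113.9 GET /Blog.mdb - 404
2005-03-22 10:04:30 203.0.113.9 POST /bp/upload.asp - 200
2005-03-22 10:05:02 203.0.113.9 GET /bp/myFiles.asp del=1 200
2005-03-22 10:06:10 198.51.100.7 GET /bp/database/%64bBlogMX.mdb - 200
"""

# Any Access database served from the web root is a finding; the two pages
# below are the ones the advisory says worked without a password in <= 3.0.
DB_FILE_RE = re.compile(r"\.mdb$", re.IGNORECASE)
SENSITIVE_PAGES = {"/bp/upload.asp", "/bp/myfiles.asp"}

def parse_line(line):
    """Split one W3C log line into a dict; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 7:
        return None
    date, tm, ip, method, stem, query, status = parts
    # URL-decode the stem so encoded variants (%64 -> 'd') are not missed.
    return {"ts": f"{date} {tm}", "ip": ip, "method": method.upper(),
            "stem": unquote(stem), "query": query, "status": int(status)}

def classify(rec):
    """Return an alert label for a parsed record, or None if it is benign."""
    if rec is None:
        return None
    stem = rec["stem"].lower()
    if DB_FILE_RE.search(stem):
        # A 2xx/3xx means the database left the server; 4xx is still a probe.
        return "db-download" if rec["status"] < 400 else "db-probe"
    if stem in SENSITIVE_PAGES and rec["status"] < 400:
        return "file-manager-access"
    return None

def find_alerts(log_text):
    """Return (label, client_ip, uri_stem, status) for every suspicious line."""
    alerts = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        label = classify(rec)
        if label:
            alerts.append((label, rec["ip"], rec["stem"], rec["status"]))
    return alerts
```

A "db-download" with status 200 means the administrator credentials stored in the file should be treated as exposed and rotated after the database is moved outside the web root.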


Copyright 2019, SecurityGlobal.net LLC