Baran CMS version 1.0 suffers from file upload, cross site scripting, SQL injection, cookie manipulation, and database disclosure vulnerabilities.
16990994f77c72a74621ea1b02449b8f745086850ed573d04fa0b2870c179533
#########################################################################################
[0x01] Informations :
Name : Baran Cms
Version : 1.0 (Personal)
site : http://www.baran-cms.ir
$$ : 50$
Vul : (Arbitrary ASP File Upload/DB/SQL/XSS/CM)
Credit : Aria-Security Team
Website : http://Aria-Security.Net
Contact : Pouya.s3rver@Gmail.com
#########################################################################################
[0x02] Arbitrary ASP File Upload :
http://site.ir/upadmini/DEMO.asp
Up to System
shell uploaded in : http://site.ir/upadmini/Uploads/[Name.asp]
example : http://www.zenyan.ir/upadmini/Uploads/sh3ller.asp
------------------------------------------------------------
[0x03] Database backups :
The Latest generated Database's backups
http://site.ir/[Sitename]dbdb/[1.zip,2.zip,3.zip,n+1.zip !?!]
admin.mdb + db.mdb
admin.mdb : Administrator Information
db.mdb : data file
------------------------------------------------------------
[0x04] SQL :
http://site.ir/main/default.asp?CatId=[SQL]
------------------------------------------------------------
[0x05] XSS :