BetaParticle (bp) is a ASP CMS ( Blog + Gallery ).
I found 2 vulnerabilities in BetaParticle.

* http://example.com/bp : is BP path !

1) BP Database Disclosure

For version < 3.0

Database path : http://example.com/bp/database/dbBlogMX.mdb

you can download it and disclose the administrator username and password .

Solution :
Move your DB to outside the web root and correct DB physical path .
---------------------------------------------------

For version >= 3.0

Database path : http://example.com/Blog.mdb
*And BP path must be : http://example.com/bp/

you can download it and disclose the administrator username and password .

Solution :
Move your DB to outside the web root and correct DB physical path .
---------------------------------------------------

2) Upload/Delete files and images without admin's password

For version =< 3.0

For uploading files go to upload.asp
http://example.com/bp/upload.asp

For deleting files go to myFiles.asp
http://example.com/bp/myFiles.asp

Solution :
Using BP V 4.0

[ reply ]