[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] New problem in Upload section in ASP service

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] New problem in Upload section in ASP service
From: saied hackeriran <saiedhackeriran@xxxxxxxxx>
Date: Thu, 25 May 2006 01:39:56 -0700 (PDT)

In The Name Of God
   
  Group:HackeranShiraz
  Discoverer:SaiedHacker
   
  */#######>>>>>
  This problem causes errors in ASP service 
  This Problem is because of not checking the input data
  Well in uploading image files section
  When the user choosing an image file in uploading section 
  It?s possible to pass the checking input data by injecting some
  Charectors and we can easily cause the system
  */#######>>>>>
   
  Exploit:
  In the uploading field we can type this code:
  C:\>.jpg
  Then press  the upload button
   
   
  Web:http://www.SaiedHackerPro.PersianBlog.com
  E-mail:SaiedHackerIran@xxxxxxxxx

                
---------------------------------
Do you Yahoo!?
 Get on board. You're invited to try the new Yahoo! Mail Beta.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] New problem in Upload section in ASP service
  - From: Valdis . Kletnieks
- Re: [Full-disclosure] New problem in Upload section in ASP service
  - From: c0redump

Prev by Date: Re: [Full-disclosure] Responsibility
Next by Date: RE: [Full-disclosure] Responsibility
Previous by thread: Re: [Full-disclosure] Security speakers are often very good book writers
Next by thread: Re: [Full-disclosure] New problem in Upload section in ASP service
Index(es):
- Date
- Thread