[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] New problem in Upload section in ASP service

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: Re: [Full-disclosure] New problem in Upload section in ASP service
From: <c0redump@xxxxxxxxxxxxx>
Date: Thu, 25 May 2006 19:55:52 +0100

Twat.

----- Original Message -----From: saied hackeriranTo: full-disclosure@xxxxxxxxxxxxxxxxxSent: Thursday, May 25, 2006 9:39 AM

Subject: [Full-disclosure] New problem in Upload section in ASP service


In The Name Of God

Group:HackeranShiraz
Discoverer:SaiedHacker

*/#######>>>>>

This problem causes errors in ASP serviceThis Problem is because of not checking the input data

Well in uploading image files section

When the user choosing an image file in uploading sectionIt's possible to pass the checking input data by injecting some

Charectors and we can easily cause the system
*/#######>>>>>

Exploit:
In the uploading field we can type this code:
C:\>.jpg
Then press  the upload button


Web:http://www.SaiedHackerPro.PersianBlog.com
E-mail:SaiedHackerIran@xxxxxxxxx


Do you Yahoo!?
Get on board. You're invited to try the new Yahoo! Mail Beta.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] New problem in Upload section in ASP service
  - From: saied hackeriran

Prev by Date: Re: [Full-disclosure] Responsibility
Next by Date: [Full-disclosure] rPSA-2006-0082-1 vixie-cron
Previous by thread: Re: [Full-disclosure] New problem in Upload section in ASP service
Next by thread: RE: [Full-disclosure] bypassing Windows Domain Group Policy Objects
Index(es):
- Date
- Thread