Battle Blog 1.25 (uploadform.asp) Remote File Upload Vulnerability

vendor:

Battle Blog 1.25

by:

Cyber-Zone (ABDELKHALEK)

9,3

CVSS

HIGH

Remote File Upload

434

CWE

Product Name: Battle Blog 1.25

Affected Version From: 1.25

Affected Version To: 1.25

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Battle Blog 1.25 (uploadform.asp) Remote File Upload Vulnerability

Battle Blog 1.25 is vulnerable to a remote file upload vulnerability. An attacker can upload malicious files to the vulnerable server by exploiting the uploadform.asp page. This can lead to remote code execution.

Mitigation:

Restrict access to the uploadform.asp page and ensure that only authorized users can access it.

Source

Exploit-DB raw data:

         ***********************************************************************
         *  Battle Blog 1.25 (uploadform.asp) Remote File Upload Vulnerability *
         ***********************************************************************
         

         Found By : Cyber-Zone (ABDELKHALEK)


 
         +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
         http://localhost/blog/admin/uploadform.asp
         
         After You Upload Your File You Will See The Link To THE File Just Below
         
         
         
         some demos :+
         
         http://www.xxx.com/admin/uploadform.asp
         
         
         
         
      
         Have Nice Day                                             //Cyber-Zone
         +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

# milw0rm.com [2009-05-08]