ASPDownload v 1.03 Remote Admin Bypass Exploit

vendor:

ASPDownload

by:

Underz0ne Crew

7.5

CVSS

HIGH

Remote Admin Bypass

N/A

CWE

Product Name: ASPDownload

Affected Version From: ASPDownload v 1.03

Affected Version To: ASPDownload v 1.03

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

ASPDownload v 1.03 Remote Admin Bypass Exploit

The problem is that the script's owner doesnt request a Login page for the DANGEROUS file setupdownload.asp where we can RESET the admin's access and change the admin's informations for whatever we want!

Mitigation:

Ensure that the setupdownload.asp page is not accessible to unauthorized users.

Source

Exploit-DB raw data:

                                    \  ASPDownload v 1.03 Remote Admin Bypass Exploit   /
                                     \                                                 /
                                      \_______________________________________________/



[+] Author      : Underz0ne Crew
[+] Script      : ASPDownload v 1.03
[+] Risk        : High
[+] Script URL  : http://www.toddwoolums.com/aspdownload.asp
[+] Dork        : Powered by AspDownload

--//--> Exploit Area :

[+] Description : The problem is that the script's owner doesnt request a Login page for the DANGEROUS file setupdownload.asp where we can RESET the admin's 
access and change the admin's informations for whatever we want !

[+] How to Exploit :

1) Go to : http://dork.cc/PathToScript/setupdownload.asp
2) Change the Info's
3) Login with the new informations in default.asp page
4) Upload an ASP shell from the upload.asp page

So simple!


[+] Greetz : stack , Bl@ckbe@rD , Djekmani , HouSSamiX  

# milw0rm.com [2008-06-10]