header-logo
Suggest Exploit
vendor:
Asset Manager
by:
Ra3cH
7,5
CVSS
HIGH
Remote File upload
N/A
CWE
Product Name: Asset Manager
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
N/A

Asset Manager Remote File upload Vulnerability

An attacker can upload a malicious file to the Asset Manager application by appending a malicious file extension to the file name. This can be done by accessing the assetmanager.asp page and uploading the malicious file.

Mitigation:

Ensure that the application is configured to only allow the upload of files with valid file extensions and that the application is configured to validate the file content.
Source

Exploit-DB raw data:

************************************************************
** 	 Asset Manager Remote File upload Vulnerability
**
************************************************************
**  Prodcut:		Asset Manager   
**  Home   : 		N/A
**  Vunlerability :		Remote File upload
**  Risk  :		High
**  Dork : 		inurl:Editor/assetmanager/assetmanager.asp
************************************************************
** Discovred by:	Ra3cH
** From	       :	Algeria
** Contact     : 	e51@hotmail.fr
** *********************************************************
************************************************************
**  Exploit:
**  http://[PATH]/assetmanager/assetmanager.asp
**  
**
**  and upload your shell .... dz4all.asp;.jpg 
**  
************************************************************
**
**
**
** Greetz to :     ALLAH
**         All Members of  http://www.DZ4All.cOm/Cc
**          And My BrOther AnGeL25dZ & yasMouh & ProToCoL & Mr.Benladen & T O X ! N £ & n2n & 
***********************************************************

Navigation

Suggest Exploit

Services By CQR