Free ASP Upload Shell Upload Vulnerability

vendor:

N/A

by:

Mr.aFiR

9.3

CVSS

HIGH

Remote File Upload

434

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Free ASP Upload Shell Upload Vulnerability

This vulnerability allows an attacker to upload a malicious ASP shell to a vulnerable web server. The attacker can then use the shell to execute arbitrary commands on the server. The vulnerability is caused by a lack of proper validation of the uploaded file, allowing an attacker to upload a malicious ASP shell.

Mitigation:

Ensure that all uploaded files are properly validated and sanitized before being stored on the server.

Source

Exploit-DB raw data:

#####################################################################
##                                _______   ____                   ##
##          __ ___               / _____ \ /  __ \                 ##
##         /      \  _ _     ___ | |___ |/ | |  ) )                ##
##        |  Y  Y  \| V_\   / _ Y|  __ |(_)| |_/ /      [A]        ##
##        |__|__|__ \ |  ()| (_] | |  \|| ||  __ \                 ##
##                 \/_/     \___ | |    | || |  ) |                ##
##                              \|/     |_/|_/  |/                 ##
##                                                                 ##
#####################################################################
##          Free ASP Upload Shell Upload Vulnerability             ##
##             Created By Mr.aFiR (Moroccan Hacker)                ##
##                    Email: q-_@hotmail.com                       ##
##                     Website: www.aFiR.me                        ##
##                      (c) -- 10/12/2oo9                          ##
#####################################################################
##                      * How to use it ?                          ##
##                      -----------------                          ##
## ~ Go to : > http://server/path/uploadtester.asp                 ##
##           > Upload Your Asp Shell(shell.asp)                    ##
##           > Now! You Must Find The Directory of Uploads Files   ##
##             Ex.: /upload                                        ##
##                  /uploads                                       ##
##                  /uploaded                                      ##
##                  /uploadeds                                     ##
##                  ...                                            ##
##           > Enjoy With it, You Will Find a lot of infected      ##
##             websites. & Remember me ;)                          ##
#####################################################################
## ~ GreatZ To : > Dr.Crypter - Dr.BoB-Hacker - Love511 & All ...  ##
## ~ Contact   : > q-_[at]Hotmail[dot]com - www[dot]aFiR[dot]me    ##
#####################################################################