Full Disclosure mailing list archives
Re: New problem in Upload section in ASP service
From: <c0redump () ackers org uk>
Date: Thu, 25 May 2006 19:55:52 +0100
Twat.----- Original Message ----- From: saied hackeriran To: full-disclosure () lists grok org uk Sent: Thursday, May 25, 2006 9:39 AM
Subject: [Full-disclosure] New problem in Upload section in ASP service In The Name Of God Group:HackeranShiraz Discoverer:SaiedHacker */#######>>>>>This problem causes errors in ASP service This Problem is because of not checking the input data
Well in uploading image files sectionWhen the user choosing an image file in uploading section It's possible to pass the checking input data by injecting some
Charectors and we can easily cause the system */#######>>>>> Exploit: In the uploading field we can type this code: C:\>.jpg Then press the upload button Web:http://www.SaiedHackerPro.PersianBlog.com E-mail:SaiedHackerIran () Yahoo com Do you Yahoo!? Get on board. You're invited to try the new Yahoo! Mail Beta. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- New problem in Upload section in ASP service saied hackeriran (May 25)
- Re: New problem in Upload section in ASP service Valdis . Kletnieks (May 25)
- Re: New problem in Upload section in ASP service c0redump (May 25)