Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

New problem in Upload section in ASP service

From: saied hackeriran <saiedhackeriran () yahoo com>
Date: Thu, 25 May 2006 01:39:56 -0700 (PDT)
In The Name Of God
   
  Group:HackeranShiraz
  Discoverer:SaiedHacker
   
  */#######>>>>>
  This problem causes errors in ASP service 
  This Problem is because of not checking the input data
  Well in uploading image files section
  When the user choosing an image file in uploading section 
  ItÂ’s possible to pass the checking input data by injecting some
  Charectors and we can easily cause the system
  */#######>>>>>
   
  Exploit:
  In the uploading field we can type this code:
  C:\>.jpg
  Then press  the upload button
   
   
  Web:http://www.SaiedHackerPro.PersianBlog.com
  E-mail:SaiedHackerIran () Yahoo com

                
---------------------------------
Do you Yahoo!?
 Get on board. You're invited to try the new Yahoo! Mail Beta.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: