Full Disclosure mailing list archives
New problem in Upload section in ASP service
From: saied hackeriran <saiedhackeriran () yahoo com>
Date: Thu, 25 May 2006 01:39:56 -0700 (PDT)
In The Name Of God Group:HackeranShiraz Discoverer:SaiedHacker */#######>>>>> This problem causes errors in ASP service This Problem is because of not checking the input data Well in uploading image files section When the user choosing an image file in uploading section ItÂ’s possible to pass the checking input data by injecting some Charectors and we can easily cause the system */#######>>>>> Exploit: In the uploading field we can type this code: C:\>.jpg Then press the upload button Web:http://www.SaiedHackerPro.PersianBlog.com E-mail:SaiedHackerIran () Yahoo com --------------------------------- Do you Yahoo!? Get on board. You're invited to try the new Yahoo! Mail Beta.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- New problem in Upload section in ASP service saied hackeriran (May 25)
- Re: New problem in Upload section in ASP service Valdis . Kletnieks (May 25)
- Re: New problem in Upload section in ASP service c0redump (May 25)