[Full-disclosure] New problem in Upload section in ASP service
saied hackeriran
saiedhackeriran at yahoo.com
Thu May 25 09:39:56 BST 2006
In The Name Of God
Group:HackeranShiraz
Discoverer:SaiedHacker
*/#######>>>>>
This problem causes errors in ASP service
This Problem is because of not checking the input data
Well in uploading image files section
When the user choosing an image file in uploading section
It’s possible to pass the checking input data by injecting some
Charectors and we can easily cause the system
*/#######>>>>>
Exploit:
In the uploading field we can type this code:
C:\>.jpg
Then press the upload button
Web:http://www.SaiedHackerPro.PersianBlog.com
E-mail:SaiedHackerIran at Yahoo.com
---------------------------------
Do you Yahoo!?
Get on board. You're invited to try the new Yahoo! Mail Beta.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060525/7039b249/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.