ASP Download 1.03 Arbitrary Change Administrator Account Vulnerability

2009-04-23 / 2009-04-24

Credit: Underz0ne Crew

Risk: High

Local: No

Remote: Yes

CVE: CVE-2008-6739

CWE: CWE-287

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

 \ ASPDownload v 1.03 Remote Admin Bypass Exploit /
\ /
\_______________________________________________/
[+] Author : Underz0ne Crew
[+] Script : ASPDownload v 1.03
[+] Risk : High
[+] Script URL : http://www.toddwoolums.com/aspdownload.asp
[+] Dork : Powered by AspDownload
--//--> Exploit Area :
[+] Description : The problem is that the script's owner doesnt request a Login page for the DANGEROUS file setupdownload.asp where we can RESET the admin's
access and change the admin's informations for whatever we want !
[+] How to Exploit :
1) Go to : http://dork.cc/PathToScript/setupdownload.asp
2) Change the Info's
3) Login with the new informations in default.asp page
4) Upload an ASP shell from the upload.asp page
So simple!
[+] Greetz : stack , Bl@ckbe@rD , Djekmani , HouSSamiX

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

ASP Download 1.03 Arbitrary Change Administrator Account Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.