Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15530
HistoryDec 31, 2006 - 12:00 a.m.

SoftArtisans FileUp(TM) viewsrc.asp remote script source disclosure exploit

2006-12-3100:00:00
vulners.com
19
JSON

Inge Henriksen Security Advisory - Full Disclosure Proof of Concept at http://ingehenriksen.blogspot.com/

Advisory Name: SoftArtisans FileUp(TM) viewsrc.asp remote script source disclosure exploit
Tested and Confirmed Vulerable: SoftArtisans SAFileUp(TM) 5.0.14 (Standard)
Severity: High
Type: Script source disclosure
>From where: Remote
Discovered by: Inge Henriksen (http://ingehenriksen.blogspot.com/)
Vendor Status: Notified
Overview:

SoftArtisans SAFileUp(TM) is a popular web server component for transactional uploading of files to a web server using a web browser.

When installing SoftArtisans SAFileUp(TM) you should avoid installing the samples as viewsrc.asp can let remote anonymous users see script source code or configuration settings outside the /SAFileUpSamples virtual directory. This is accomplished by modifying the "path" query variable to point to files outside the designated directory. A web browser from a remote location is a sufficient tool to see the source code or configuration settings in plain text.

Inge Henriksen Security Advisory - Full Disclosure Proof of Concept at http://ingehenriksen.blogspot.com/

JSON