| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <003a01c6802c$db6bf6c0$0100a8c0@TRINITY> Date: Thu May 25 19:56:19 2006 From: c0redump at ackers.org.uk (c0redump@...ers.org.uk) Subject: New problem in Upload section in ASP service Twat. ----- Original Message ----- From: saied hackeriran To: full-disclosure@...ts.grok.org.uk Sent: Thursday, May 25, 2006 9:39 AM Subject: [Full-disclosure] New problem in Upload section in ASP service In The Name Of God Group:HackeranShiraz Discoverer:SaiedHacker */#######>>>>> This problem causes errors in ASP service This Problem is because of not checking the input data Well in uploading image files section When the user choosing an image file in uploading section It's possible to pass the checking input data by injecting some Charectors and we can easily cause the system */#######>>>>> Exploit: In the uploading field we can type this code: C:\>.jpg Then press the upload button Web:http://www.SaiedHackerPro.PersianBlog.com E-mail:SaiedHackerIran@...oo.com Do you Yahoo!? Get on board. You're invited to try the new Yahoo! Mail Beta. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists