Exploit BetaParticle blog 2.0/3.0 - 'upload.asp' Arbitrary File Upload

Exploiter

Хакер
34,599
0
18 Дек 2022
EDB-ID
25253
Проверка EDB
  1. Пройдено
Автор
FARHAD KOOSHA
Тип уязвимости
WEBAPPS
Платформа
ASP
CVE
cve-2005-0854
Дата публикации
2005-03-21
Код:
source: https://www.securityfocus.com/bid/12861/info
 
betaparticle blog is reported prone to multiple vulnerabilities. The following individual issues are reported:
 
It is reported that betaparticle blog fails to sufficiently secure the authentication credential database. A remote attacker may exploit this vulnerability to download and disclose the contents of the credential database.
 
This issue is reported to affect betaparticle blog prior to and including version 3.0.
 
It is reported that several betaparticle blog scripts may be accessed by a remote unauthenticated attacker and may be employed to upload and delete arbitrary Web server accessible files. A remote attacker may exploit leverage these scripts to deny service for legitimate users or potentially compromise a target computer.
 
It is reported that these scripts may be leveraged on betaparticle blog versions up to and including version 3.0. 

http://www.example.com/bp/upload.asp
 
Источник
www.exploit-db.com

Похожие темы