



Network Security Bugtraq

SoftArtisans FileUp(TM) viewsrc.asp remote script source disclosure expl

Subject: SoftArtisans FileUp(TM) viewsrc.asp remote script source disclosure exploit
Date: 30 Dec 2006 13:21:57 -0000
** Inge Henriksen Security Advisory - Full Disclosure Proof of Concept at 
http://ingehenriksen.blogspot.com/ **

Advisory Name: SoftArtisans FileUp(TM) viewsrc.asp remote script source 
disclosure exploit
Tested and Confirmed Vulnerable: SoftArtisans SAFileUp(TM) 5.0.14 (Standard)
Severity: High
Type: Script source disclosure
From where: Remote 
Discovered by: Inge Henriksen (http://ingehenriksen.blogspot.com/) 
Vendor Status: Notified 
Overview: 

SoftArtisans SAFileUp(TM) is a popular web server component for transactional 
uploading of files to a web server using a web browser.

When installing SoftArtisans SAFileUp(TM) you should avoid installing the 
samples as viewsrc.asp can let remote anonymous users see script source code or 
configuration settings outside the /SAFileUpSamples virtual directory. This is 
accomplished by modifying the "path" query variable to point to files outside 
the designated directory. A web browser from a remote location is a sufficient 
tool to see the source code or configuration settings in plain text.

** Inge Henriksen Security Advisory - Full Disclosure Proof of Concept at 
http://ingehenriksen.blogspot.com/ **
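
For administrators who did install the samples, the following added example (not part of the original advisory and not SoftArtisans code) reviews web server logs for viewsrc.asp requests whose "path" value resolves outside the /SAFileUpSamples virtual directory. The log layout, the location of viewsrc.asp, the file names and the rule that relative values resolve against the samples directory are all assumptions made for the example.

```python
import posixpath
from urllib.parse import parse_qsl, unquote

SAMPLES_ROOT = "/safileupsamples"  # virtual directory from the advisory, lower-cased

# Constructed log lines in a reduced W3C-style layout (assumed, not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2006-12-30 13:02:11 192.0.2.10 GET /SAFileUpSamples/viewsrc.asp path=/SAFileUpSamples/simple/form.asp 200
2006-12-30 13:05:40 198.51.100.7 GET /SAFileUpSamples/viewsrc.asp path=/SAFileUpSamples/../app/settings.asp 200
2006-12-30 13:06:02 203.0.113.5 GET /SAFileUpSamples/viewsrc.asp PATH=%2e%2e%5capp%5csettings.asp 200
2006-12-30 13:09:30 192.0.2.10 GET /SAFileUpSamples/upload.asp path=/app/settings.asp 200
"""

def resolve_virtual_path(raw):
    """Normalise a 'path' value to the virtual path it would end up naming."""
    path = unquote(raw).replace("\\", "/")  # undo a second layer of %-encoding
    if not path.startswith("/"):
        # Assumption: relative values are resolved against the samples directory.
        path = posixpath.join(SAMPLES_ROOT, path)
    return posixpath.normpath(path).lower()  # IIS paths are case-insensitive

def escapes_samples(raw):
    """True when the value names something outside /SAFileUpSamples."""
    resolved = resolve_virtual_path(raw)
    return not (resolved == SAMPLES_ROOT or resolved.startswith(SAMPLES_ROOT + "/"))

def suspicious_requests(log_text):
    """Return (client_ip, raw_value, resolved_path) for out-of-scope viewsrc.asp requests."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue
        ip, stem, query = fields[2], fields[4], fields[5]
        if not stem.lower().endswith("/viewsrc.asp"):
            continue  # only the sample script named in the advisory
        for key, value in parse_qsl(query, keep_blank_values=True):
            if key.lower() == "path" and escapes_samples(value):
                hits.append((ip, value, resolve_virtual_path(value)))
    return hits

if __name__ == "__main__":
    for ip, raw, resolved in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} requested {raw!r} -> {resolved}")
```

Any hit logged with a 200 status is worth reviewing; the advisory's own mitigation is to avoid installing the samples.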
