In The Name Of God
Group:HackeranShiraz
Discoverer:SaiedHacker
*/#######>>>>>
This problem causes errors in ASP service
This Problem is because of not checking the input data
Well in uploading image files section
When the user choosing an image file in uploading section
ItÂ’s possible to pass the checking input data by injecting some
Charectors and we can easily cause the system
*/#######>>>>>
Exploit:
In the uploading field we can type this code:
C:\>.jpg
Then press the upload button
E-mail:[EMAIL PROTECTED]
Do you Yahoo!?
Get on board. You're invited to try the new Yahoo! Mail Beta.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/