ActiveWeb Professional 3.0 – Arbitrary File Upload

Exploit Database
15 阅读

作者： StenoPlasma

日期： 2011-01-25
类别：
- webapps
平台：
- cfm
来源：https://www.exploit-db.com/exploits/35256/

source: https://www.securityfocus.com/bid/45985/info

ActiveWeb Professional is prone to an arbitrary-file-upload vulnerability because the application fails to adequately sanitize user-supplied input.

An attacker may leverage this issue to upload arbitrary files to the affected computer; successful exploits will allow attackers to completely compromise the affected computer.

Lomtec ActiveWeb Professional 3.0 is vulnerable; other versions may also be affected. 

1. Go to the page http://www.example.com/activeweb/EasyEdit.cfm?module=EasyEdit&page=getimagefile&Filter=

2. Change the 'UploadDirectory' and 'Accepted Extensions' hidden form fields to upload the malicious file to the directory of interest.

last Exploits
ActiveWeb Professional 3.0 – Arbitrary File Upload的更多信息

WordPress Plugin bSuite 4.0.7 – Multiple HTML Injection Vulnerabilities：
VU Web Visitor Analyst – Authentication Bypass：
XhP CMS 0.5.1 – Cross-Site Request Forgery / Persistent Cross-Site Scripting：
SISQUALWFM 7.1.319.103 – Host Header Injection：
ResourceSpace 8.6 – ‘watched_searches.php’ SQL Injection：
EyesOfNetwork (EON) 5.1 – SQL Injection：
Facebook Profile MyBB Plugin 2.4 – Persistent Cross-Site Scripting：
Zeroshell 3.6.0/3.7.0 Net Services – Remote Code Execution：