Exploit the possiblities
Showing 1 - 25 of 455 RSS Feed

ASP Files

ASP.NET Core 5-RC1 HTTP Header Injection
Posted Dec 23, 2016
Authored by Reto Schadler

ASP.NET Core version 5.-RC1 suffers from an HTTP header injection vulnerability.

tags | exploit, web, asp
MD5 | 28fbb855c6805f6d739cc89ce38fed04
ASP Gateway 1.0.0 Database Disclosure
Posted Oct 31, 2016
Authored by indoushka

ASP Gateway 1.0.0 suffers from a database disclosure vulnerability.

tags | exploit, asp, info disclosure
MD5 | 77c6b85e907011a63bde9b54324dac6e
CodeWarrior 0.3
Posted Sep 13, 2016
Authored by coolervoid

CodeWarrior is a manual code and static analysis tool. It has many modules, one for each common language like PHP, ASP, Ruby, C/C++, Java and Javascript. Each module has rules in raw text with parameters like description, type, reference, relevance and match (regex to detect pattern). You can also create your own rules.

tags | tool, php, javascript, asp, ruby
systems | unix
MD5 | 125797229a978f1c58e1d352c00eb34e
AfterLogic WebMail Pro ASP.NET Account Takeover / XXE Injection
Posted May 24, 2016
Authored by Mehmet Ince, Halit Alptekin

AfterLogic WebMail Pro ASP.NET versions prior to 6.2.7 suffer from an administrator account takeover via an XXE injection vulnerability.

tags | exploit, asp
MD5 | 41cc07503156fc99994ba41aa68c9031
ASP Webshell For IIS 8
Posted May 12, 2016
Authored by Savio Bot

ASP webshell backdoor designed specifically for IIS 8.

tags | tool, rootkit, asp
systems | windows
MD5 | 5b19b3cbecf0cf539f8e5a3954f4af53
ASP Forums 2.1 Database Disclosure
Posted Feb 6, 2016
Authored by indoushka

ASP Forums version 2.1 suffers from a database disclosure vulnerability.

tags | exploit, asp, info disclosure
MD5 | 9bda0cee7848574a11e6fc4425560437
ASP Dynamika 2.5 Cross Site Scripting
Posted Dec 8, 2015
Authored by T3NZOG4N, Mojtaba MobhaM

ASP Dynamika version 2.5 suffers from a cross site scripting vulnerability.

tags | exploit, xss, asp
MD5 | c9b04b24328d128f04a3a0978d658dc4
ASP Dynamika 2.5 File Upload / SQL Injection
Posted Dec 7, 2015
Authored by indoushka

ASP Dynamika version 2.5 suffers from arbitrary file upload and remote SQL injection vulnerabilities.

tags | exploit, remote, arbitrary, vulnerability, sql injection, asp, file upload
MD5 | 76dfcd46a38b6fa6cef2b01bf008adff
Kaseya VSA uploader.aspx Arbitrary File Upload
Posted Oct 2, 2015
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability found in Kaseya VSA versions between 7 and 9.1. A malicious unauthenticated user can upload an ASP file to an arbitrary directory leading to arbitrary code execution with IUSR privileges. This Metasploit module has been tested with Kaseya v7.0.0.17, v8.0.0.10 and v9.0.0.3.

tags | exploit, arbitrary, code execution, asp, file upload
advisories | CVE-2015-6922
MD5 | 1ed310adae7ef7d86de486f92950fe9d
Numara / BMC Track-It! FileStorageService Arbitrary File Upload
Posted Oct 21, 2014
Authored by Pedro Ribeiro | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability in Numara / BMC Track-It! v8 to v11.X. The application exposes the FileStorageService .NET remoting service on port 9010 (9004 for version 8) which accepts unauthenticated uploads. This can be abused by a malicious user to upload a ASP or ASPX file to the web root leading to arbitrary code execution as NETWORK SERVICE or SYSTEM. This Metasploit module has been tested successfully on versions 11.3.0.355, 10.0.51.135, 10.0.50.107, 10.0.0.143, 9.0.30.248 and 8.0.2.51.

tags | exploit, web, arbitrary, root, code execution, asp, file upload
advisories | CVE-2014-4872
MD5 | 406dc97f0e83abf8ccd024baffb6b4d8
Telerik ASP.NET AJAX RadEditor Control 2014.1.403.35 XSS
Posted Sep 25, 2014
Authored by G. S. McNamara, Tyler Hoyle

Telerik ASP.NET AJAX RadEditor Control versions 2014.1.403.35 and 2009.3.1208.20 suffer from a persistent cross site scripting vulnerability.

tags | advisory, xss, asp
advisories | CVE-2014-4958
MD5 | beb89cba885a1201044ca7c377436e7f
Hacking ASP/ASPX Websites Manually
Posted Jun 30, 2014
Authored by Chetan Soni

This is a whitepaper that goes into detail on hacking ASP/ASPX websites manually.

tags | paper, asp
MD5 | d56d34728763832f62fc8b57670829be
Cogent DataHub Command Injection
Posted Jun 25, 2014
Authored by John Leitch, juan vazquez | Site metasploit.com

This Metasploit module exploits an injection vulnerability in Cogent DataHub prior to 7.3.5. The vulnerability exists in the GetPermissions.asp page, which makes insecure use of the datahub_command function with user controlled data, allowing execution of arbitrary datahub commands and scripts. This Metasploit module has been tested successfully with Cogent DataHub 7.3.4 on Windows 7 SP1.

tags | exploit, arbitrary, asp
systems | windows, 7
advisories | CVE-2014-3789
MD5 | d10aca0d44b8abb4b65c009880426183
DevExpress ASP.NET File Manager 13.2.8 Directory Traversal
Posted Jun 5, 2014
Site redteam-pentesting.de

DevExpress ASP.NET File Manager versions 10.2 through 13.2.8 suffer from a directory traversal vulnerability.

tags | exploit, asp
advisories | CVE-2014-2575
MD5 | e93318bb004858c2424fa43a693ab368
ASP-Nuke 2.0.7 Open Redirect
Posted Mar 28, 2014
Authored by Felipe Andrian Peixoto

ASP-Nuke version 2.0.7 suffers from an open redirect vulnerability.

tags | exploit, asp
MD5 | 320246de1354caff29a2016cda4dd56d
Kaseya uploadImage Arbitrary File Upload
Posted Dec 4, 2013
Authored by Thomas Hibbert | Site metasploit.com

This Metasploit module exploits an arbitrary file upload vulnerability found in Kaseya versions below 6.3.0.2. A malicious user can upload an ASP file to an arbitrary directory without previous authentication, leading to arbitrary code execution with IUSR privileges.

tags | exploit, arbitrary, code execution, asp, file upload
advisories | OSVDB-99984
MD5 | 593b4d4095655301ec4bee6ac4bd2eb9
FCKEditor 2.6.8 ASP File Upload Protection Bypass
Posted Nov 28, 2012
Authored by Soroush Dalili

FCKEditor version 2.6.8 ASP version suffers from a file upload protection bypass.

tags | advisory, asp, bypass, file upload
MD5 | 220d912d0f1646c9e97383f3e3f657e3
Avaya IP Office Customer Call Reporter Command Execution
Posted Oct 8, 2012
Authored by rgod, juan vazquez | Site metasploit.com

This Metasploit module exploits an authentication bypass vulnerability on Avaya IP Office Customer Call Reporter, which allows a remote user to upload arbitrary files through the ImageUpload.ashx component. It can be abused to upload and execute arbitrary ASP .NET code. The vulnerability has been tested successfully on Avaya IP Office Customer Call Reporter 7.0.4.2 and 8.0.8.15 on Windows 2003 SP2.

tags | exploit, remote, arbitrary, asp, bypass
systems | windows
advisories | CVE-2012-3811, OSVDB-83399
MD5 | ae5423b0c82a1fdd0bf9cbca67d6a136
ASP-DEv XM Forums RC 3 SQL Injection
Posted Aug 29, 2012
Authored by Crim3R

ASP-DEv XM Forums RC 3 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.

tags | exploit, remote, sql injection, asp
MD5 | c38ca2dee1a65ed11c62dcf6df06baaa
Secunia Security Advisory 50313
Posted Aug 22, 2012
Authored by Secunia | Site secunia.com

Secunia Security Advisory - A vulnerability has been reported in CuteSoft Cute Editor for ASP.NET, which can be exploited by malicious people to conduct cross-site scripting attacks.

tags | advisory, xss, asp
MD5 | c983713240217be40df9cea319b8df20
Hashes Generation And Injection Tool
Posted Aug 17, 2012
Authored by Pedro Ribeiro | Site github.com

Hashes is a cross-platform tool that generates and injects different keys with the same hash code in order to test web applications against hash collision attacks. Written in Java. Has support for Java, PHP, ASP, and V8.

tags | tool, java, web, php, asp
systems | unix
MD5 | e28efbf484734217c6b6714f69b893de
Umbraco CMS Remote Command Execution
Posted Jul 6, 2012
Authored by juan vazquez, Toby Clarke | Site metasploit.com

This Metasploit module can be used to execute a payload on Umbraco CMS 4.7.0.378. The payload is uploaded as an ASPX script by sending a specially crafted SOAP request to codeEditorSave.asmx, which permits unauthorised file upload via the SaveDLRScript operation. SaveDLRScript is also subject to a path traversal vulnerability, allowing code to be placed into the web-accessible /umbraco/ directory. The module writes, executes and then overwrites an ASPX script; note that though the script content is removed, the file remains on the target. Automatic cleanup of the file is intended if a meterpreter payload is used. This Metasploit module has been tested successfully on Umbraco CMS 4.7.0.378 on a Windows 7 32-bit SP1. In this scenario, the "IIS APPPOOL\ASP.NET v4.0" user must have write permissions on the Windows Temp folder.

tags | exploit, web, asp, file upload
systems | windows, 7
MD5 | 55b249c7b416e0039642bb1ad643fe1b
B2CPrint Remote Shell Upload
Posted Jun 29, 2012
Authored by Mr.XpR

B2CPrint suffers from a remote ASP shell upload vulnerability.

tags | exploit, remote, shell, asp
MD5 | f5aa295b7d93548e976624a7ec2ec038
SolarWinds Network Performance Monitor Blind SQL Injection
Posted Jun 19, 2012
Authored by Digital Defense, r@b13$ | Site digitaldefense.net

The SolarWinds Orion Network Performance Monitor 9.1 and prior contains a blind SQL injection flaw on the 'Login.asp' page. An attacker can leverage this flaw to execute arbitrary SQL commands and extract sensitive information from the backend database using standard blind SQL injection exploitation techniques.

tags | advisory, arbitrary, sql injection, asp
MD5 | 571dcd52ac4c489cb59c9bb28b2b5c46
ASP Content Management Database Disclosure
Posted Jun 19, 2012
Authored by indoushka

ASP Content Management suffers from a remote database disclosure vulnerability.

tags | exploit, remote, asp, info disclosure
MD5 | cd24b7e221cf7c7803412a996e0b1625
Page 1 of 19
Back12345Next

File Archive:

November 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    22 Files
  • 2
    Nov 2nd
    28 Files
  • 3
    Nov 3rd
    10 Files
  • 4
    Nov 4th
    1 Files
  • 5
    Nov 5th
    5 Files
  • 6
    Nov 6th
    15 Files
  • 7
    Nov 7th
    15 Files
  • 8
    Nov 8th
    13 Files
  • 9
    Nov 9th
    9 Files
  • 10
    Nov 10th
    9 Files
  • 11
    Nov 11th
    3 Files
  • 12
    Nov 12th
    2 Files
  • 13
    Nov 13th
    15 Files
  • 14
    Nov 14th
    17 Files
  • 15
    Nov 15th
    19 Files
  • 16
    Nov 16th
    15 Files
  • 17
    Nov 17th
    19 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close