VULHUB ™

AspUpload is an ASP extension which allows remote users to upload files through html forms. One sample script installed with AspUpload allows a user to upload a file to the directory c:\upload on the web server. This script accepts the file name to be uploaded as a hidden form value. This file name is vulnerable to a ../ directory traversal attack, allowing the remote user to specify any file on the c: drive. A second sample script allows a remote user to browse directories, and download any file located on the server. Version 3.0 of AspUpload may also contain these sample scripts.

AspUpload is an ASP extension which allows remote users to upload files through html forms. One sample script installed with AspUpload allows a user to upload a file to the directory c:\upload on the web server. This script accepts the file name to be uploaded as a hidden form value. This file name is vulnerable to a ../ directory traversal attack, allowing the remote user to specify any file on the c: drive. A second sample script allows a remote user to browse directories, and download any file located on the server. Version 3.0 of AspUpload may also contain these sample scripts.