Phase:Directory traversal vulnerability in AspUpload 2.1, in certain configurations, allows remote attackers to upload and read arbitrary files, and list arbitrary directories, via a .. (dot dot) in the Filename parameter in (1) UploadScript11.asp or (2) DirectoryListing.asp.
ReferencesBUGTRAQ:Friday, November 30, 2001 Aspupload installs exploitable scripts | URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100715294425985&w=2 | BID:3608 | URL:http://www.securityfocus.com/bid/3608 | XF:aspupload-upload-directory-traversal(7628) | URL:ht
Votes:Modified (Sunday, July 03, 2005)
Comments: MODIFY(1) Frech | NOOP(4) Wall, Foat, Cole, Armstrong
F7: Frech> XF:aspupload-upload-directory-traversal(7628) | XF:aspupload-directory-browsing-download(7629)