|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: UPublisher Exploit - Superfreaker
me
overhere.cc
Date: Sun Dec 03 2006 - 19:27:32 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
In regard to the many articles on Google:
http://www.google.com/search?hl=en&q=upublisher+exploit
Superfreaker's "UPublisher" exploit is NOT LIMITED to their "viewarticle.asp" script.
In fact, most of the product is vulnerable to SQL Injection attacks such as "index.asp" and "preferences.asp".
Two UPublisher scripts that can be hacked using the EXACT SAME METHOD you described above are:
sendarticle.asp
printarticle.asp
If your copy of UPublisher has already been hacked, be CERTAIN to review and clean the uploads folder at: /images/story_images/
In our case, the hacker was able to upload entire HTML pages ... and then reference them from their browser since they now knew the full URL to their HTML form!
# # # #
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]