Re: UPublisher Exploit - Superfreaker

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: UPublisher Exploit - Superfreaker
From: me@xxxxxxxxxxx
Date: 4 Dec 2006 01:27:32 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

In regard to the many articles on Google: 

http://www.google.com/search?hl=en&q=upublisher+exploit  

Superfreaker's "UPublisher" exploit is NOT LIMITED to their "viewarticle.asp" 
script.

In fact, most of the product is vulnerable to SQL Injection attacks such as 
"index.asp" and "preferences.asp". 

Two UPublisher scripts that can be hacked using the EXACT SAME METHOD you 
described above are: 

sendarticle.asp 
printarticle.asp 

If your copy of UPublisher has already been hacked, be CERTAIN to review and 
clean the uploads folder at:  /images/story_images/

In our case, the hacker was able to upload entire HTML pages ... and then 
reference them from their browser since they now knew the full URL to their 
HTML form!


# # # #

Prev by Date: Vt-Forum Lite System V.1.3 Xss Vuln.
Next by Date: [Aria-Security Team] uGestBook SQL Injection Vuln
Previous by thread: Vt-Forum Lite System V.1.3 Xss Vuln.
Next by thread: [Aria-Security Team] uGestBook SQL Injection Vuln
Index(es):
- Date
- Thread