Persits AspUpload默认脚本利用漏洞

AspUpload 2.1版本在某些配置下存在目录遍历漏洞。远程攻击者借助(1)UploadScript11.asp 或者(2)DirectoryListing.asp的Filename参数的 .. (点 点)上传和读取任意文件以及列举任意目录的表单。

The scripts located in C:\Program Files\Persits Software\AspUpload\Samples may be deleted.

来源: BUGTRAQ
名称: 20011130 Aspupload installs exploitable scripts
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=100715294425985&w=2

来源: BID
名称: 3608
链接:http://www.securityfocus.com/bid/3608

来源: XF
名称: aspupload-directory-browsing-download(7629)
链接:http://www.iss.net/security_center/static/7629.php

来源: XF
名称: aspupload-upload-directory-traversal(7628)
链接:http://www.iss.net/security_center/static/7628.php