Academic Integrity: tutoring, explanations, and feedback — we don’t complete graded work or submit on a student’s behalf.

I\'m able to upload any file to an ASP webapp/IIS server. My first though is to

ID: 662106 • Letter: I

Question

I'm able to upload any file to an ASP webapp/IIS server. My first though is to upload an ASP shell but I don't know where the file has been uploaded.

I have written a Python script that beggining with the URLs dumped by ZAP, makes requests to any known folder looking for my ASP file. For example, if I have the following URLs /dashboard and /images and my shell is called myshell.asp my script requests for:

/dashboard/myshell.asp /dashboard/files/myshell.asp /dashboard/downloads/myshell.asp /images/myshall.asp /images/files/myshall.asp /images/downloads/myshell.asp

But I was unable to find the file.

I know that there exist certain special files that if present in a subdirectory have special meaning like: .htdocs. But if I don't know the path I don't know how to exploit this.

Is this scenario exploitable? How?

Explanation / Answer

It really all depends on the configuration of the system you are trying to attack. The fact that you are allowed to upload a file of any type or size (as indicated in your question) is promising. Most file upload vulnerabilities are stopped at the validation level. The most straightforward way is what you are doing right now, to see if you can access the file you uploaded, but there may be other unknown attack vectors present. For example, maybe the uploaded files are accessed by staff, or the owner of the web server and you can upload something that will help exploit when ran. For the time being, I recommend you keep trying directory busting to discover a possible directory where you can find your uploaded file. You can use tools such as Burp Suite's intruder or Dirbuster. To directly answer your question if it is exploitable or not is not possible. Stay vigilant and get creative with your exploits. Good luck!

Related Questions

I\'m a freelancer, a company I\'m working with (which has a government as custom
Question #651030
I\'m a freshman CS student at my university and i\'m struggling with understandi
Question #652878
I\'m a front end developer...I\'ve never done ANY backend, although I did take a
Question #651505
I\'m a horrible American. My expat child is now about to progress to the third g
Question #661457
I\'m a junior in college majoring in Computer Science. Apart from writing lots o
Question #654650
I\'m a junior member of a lab here in Cambridge and work on breast cancer. We us
Question #46426
I\'m a layman without a university background in physics / math. Since I don\'t
Question #2284523
I\'m a little bit researching about digestion of protein but I\'m confused. I\'m
Question #6408
Hire Me For All Your Tutoring Needs
Integrity-first tutoring: clear explanations, guidance, and feedback.
Drop an Email at
drjack9650@gmail.com
Chat Now And Get Quote

Navigate

Previous
I\'m a year-full member (that means I paid for the year membership). Can Chegg h
Next
I\'m about to extend a system containing two separate systems. Or domains, if we

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.