This exploit demonstrates a remote file upload vulnerability in Asset Manager, allowing an attacker to upload a malicious file (e.g., dz4all.asp;.jpg) via the assetmanager.asp endpoint. The vulnerability is exploited by bypassing file extension restrictions, leading to potential remote code execution (RCE).
Classification
Working Poc 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target:Asset Manager (version unspecified)
No auth needed
Prerequisites:Access to the assetmanager.asp endpoint