“aspydrv.asp;.jpg”

I was reading this article about an alleged Anonymous hacker uploading a file “aspydrv.asp;.jpg” onto servers to compromise them.
This piqued my interest. I Googled the above file and found numerous sites hosting this file. Further research taught me that using ";.jpg" at the end of the ASP file can fool insecure IIS servers.
Accessing one of the vulnerable sites, I tried uploading a test ASP page written by my buddy, Simon, and the file successfully bypassed the file type check. I clicked on the uploaded ASP page and the "Hello World" message was published on my browser.
It is a simple trick to gain control of a vulnerable webserver, but timely patching and hardening will thwart this threat.
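On the hardening side, the upload handler itself can refuse this kind of name. The following is an added example, not code from the original post or from any site mentioned in it: it contrasts a last-extension check, which accepts "aspydrv.asp;.jpg", with a stricter one. The function names, the allow-list and the sample uploads are assumptions constructed for illustration.

```python
import os
import re
import secrets

# Allowed extensions and the magic bytes each file type starts with.
ALLOWED = {".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG\r\n\x1a\n", ".gif": b"GIF8"}
# One dot only; no ';', ':', spaces, slashes or control characters.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}\.[A-Za-z0-9]{1,5}")

def naive_check(filename):
    """Weak check: looks only at the text after the last dot."""
    return os.path.splitext(filename)[1].lower() in ALLOWED

def hardened_store_name(filename, content):
    """Return a server-generated name for the upload, or None to reject it."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]  # drop client path
    if not SAFE_NAME.fullmatch(base):
        return None
    ext = "." + base.rsplit(".", 1)[1].lower()
    magic = ALLOWED.get(ext)
    if magic is None or not content.startswith(magic):
        return None
    # The client's name is never used on disk, so nothing in it can
    # influence how the web server maps the file to a handler.
    return secrets.token_hex(16) + ext

# Constructed sample uploads (name, first bytes of body).
JPEG = b"\xff\xd8\xff\xe0" + b"\x00" * 16
SAMPLES = [
    ("holiday.jpg", JPEG),
    ("aspydrv.asp;.jpg", b"<% ' constructed placeholder %>"),
    ("aspydrv.asp;.jpg", JPEG),   # image header in front of a script name
    ("notes.asp", b"<% ' constructed placeholder %>"),
]

def evaluate(samples):
    """Return (name, naive_accepts, hardened_accepts) for each sample."""
    return [(n, naive_check(n), hardened_store_name(n, d) is not None)
            for n, d in samples]

if __name__ == "__main__":
    for name, naive, hardened in evaluate(SAMPLES):
        print(f"{name!r:22} naive={naive!s:5} hardened={hardened}")
```

Serving the upload directory with script execution disabled is the complementary server-side control.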

1 comment:

  1. Thanks for the article. Useful when you encounter this type of file.
