Shell upload aspx site.

Hi All, Just wondering if anyone can help with getting a shell uploaded into an apsx website. Strictly legit of course, problem is, can uploaded text files, and htm etc, but cant seem to get the aspx shell file in there, tried to alter the file type and name with burp proxy, and tried altering th file type/name before shell upload, but its stripped out by some antivirus on the server side.

Just wondering any other tricks people know of? There is also no option to alter the filename once up, tried that one too :D

Thanks

haklite wrote: Hi All, Just wondering if anyone can help with getting a shell uploaded into an apsx website. Strictly legit of course, problem is, can uploaded text files, and htm etc, but cant seem to get the aspx shell file in there, tried to alter the file type and name with burp proxy, and tried altering th file type/name before shell upload, but its stripped out by some antivirus on the server side.

Just wondering any other tricks people know of? There is also no option to alter the filename once up, tried that one too :D

Thanks

I have never done this, and I don't know anything about it in detail, but a friend uploaded a shell hidden in a img file once, and gained access to the temp folder on that site, where the images were stored. You could try that.

Hi, thanks for coming back to me :D Well, I had to encode certain parts of the script to get it up there, but I got it up there all the same in the end, and access outside web root also, Jackpot! XD

Never heard of a burp proxy. Learn something new everyday I guess.

My fav inclusion exploit of all time is including the error log. I hope the guy that published it got mad vagoo. :P