Author | Post
sniperkid |
How is it possible to execute asp code without using the chars '<' and '>' as they get filtered to &gt; and &lt;. Apparently it's possible to use asp code and get extra info/update info in the database. I have no clue on asp, anyone know asp? |
16.09.2007 02:08:52 |
quangntenemy |
I don't think that's possible. You have to find a way to get around the filter. Maybe try some unicode characters with 0x3c and 0x3e as the low/high byte. |
16.09.2007 03:16:10 |
moose |
I think it is possible .... If you mean with "without using" that you don't type this in (I personally never coded asp, so I don't really know) perhaps something like that: <[Variable you can exploit]> |
16.09.2007 07:10:22 |
unknown user |
asp == visual basic embedded in webpages afaik |
16.09.2007 11:25:06 |
sniperkid |
I haven't really touched asp so I don't know much about it, someone I know has managed to exploit something using asp code (so he says), but I can't seem to figure it out because the tags '<' and '>' are filtered, also the '-' is filtered. The img include tag only accepts REAL images otherwise it displays an 'error' message, so I'm basically stuck. I guess I'll read up on some tuts about asp. Thanks. Edit: The img tag only checks the ext so I guess I can try creating something to include |
Edited by sniperkid on 16.09.2007 14:26:41 | ||||
16.09.2007 14:24:09 |
aceldama |
if you have a problem uploading "valid" images, try this tutorial. there's a bit in it about exploiting an image's (in this instance a gif) comment to execute code. sure, it might be a paper on php, but i'd assume the same might hold for some other languages? hxxp://www.milw0rm.com/papers/164 |
Edited by aceldama on 17.09.2007 01:00:59 | ||||
17.09.2007 00:57:18 |
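For the extension-only image check and the GIF comment trick mentioned in this thread, a server-side upload check can walk the GIF block structure instead of trusting the file name. This is an added example, not code from any poster; the function names, the marker list and the sample bytes are assumptions constructed for illustration.

```python
SCRIPT_MARKERS = (b"<%", b"<?", b"<script")  # ASP, PHP and HTML script openers

def _sub_blocks(data, pos):
    """Join a chain of GIF sub-blocks starting at pos; return (payload, next_pos)."""
    out = bytearray()
    while True:
        size = data[pos]              # IndexError here means a truncated file
        pos += 1
        if size == 0:
            return bytes(out), pos
        if pos + size > len(data):
            raise ValueError("truncated sub-block")
        out += data[pos:pos + size]
        pos += size

def _after_color_table(packed, pos):
    """Skip a colour table when the packed field's high bit says one follows."""
    return pos + 3 * (2 << (packed & 7)) if packed & 0x80 else pos

def inspect_gif(data):
    """Return reasons to reject an upload claimed to be a GIF; [] means none found."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        return ["missing or incomplete GIF header"]
    findings = []
    try:
        pos = _after_color_table(data[10], 13)
        while data[pos] != 0x3B:                      # 0x3B is the trailer
            if data[pos] == 0x2C:                     # image descriptor
                pos = _after_color_table(data[pos + 9], pos + 10)
                _, pos = _sub_blocks(data, pos + 1)   # +1 skips LZW code size
            elif data[pos] == 0x21:                   # extension block
                label = data[pos + 1]
                payload, pos = _sub_blocks(data, pos + 2)
                if label == 0xFE and any(m in payload.lower() for m in SCRIPT_MARKERS):
                    findings.append("script marker in comment extension")
            else:
                raise ValueError("unknown block type")
        if pos + 1 < len(data):
            findings.append("data after GIF trailer")
    except (IndexError, ValueError):
        findings.append("malformed GIF structure")
    return findings

def sample_gif(comment=b""):
    """Constructed 1x1 GIF for the demo, optionally with a comment extension."""
    ext = b"\x21\xfe" + bytes([len(comment)]) + comment + b"\x00" if comment else b""
    image = b"\x2c" + b"\x00\x00\x00\x00\x01\x00\x01\x00\x00" + b"\x02\x02\x4c\x01\x00"
    return b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00" + ext + image + b"\x3b"
```

A marker scan is only a heuristic; re-encoding the image and storing uploads where the server will not interpret them removes the dependence on it.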