The secondary discovery of Taoyuan Network Hard Disk vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:6220066541
Type myhack58
Reporter 佚名
Modified 2006-01-21T00:00:00


Himself in the first 1 0-term on the Black anti was published in Taoyuan Network Hard Drive related vulnerabilities. Immediately notify the Taoyuan official fix for the related vulnerability. Recently, after work bored, just re-download the Taoyuan Network Hard Drive latest version 2. 5 to conduct a comprehensive inspection. Found that although the patch with a“.”, and Save and download the site configuration file and database vulnerabilities. But with other methods as a test after the discovery, the sweat. Or the existence of related vulnerabilities, there is the can configuration code, any view Network Hard Drives all files of source code and configuration files and databases. Good, into the chase. In order to give a realistic visual effect, specially in the official detailed testing. The first is upload vulnerability, where the official has been put on the latest version of the V2. 5. Where the“.” To break through the vulnerabilities don't exist. So I used the other method. First, the first operation is to upload the ASP file to rename. Method is the name suffix add a ASP. ASP.

Good, then you upload. In uploaded, the previous is with a punctuation you can break the upload, now the extension added more than one ASP on the line. And then for this just upload the file is renamed, the file will be changed back to ASP.

Next, just like the tenth description of the vulnerabilities, the file is edited save it.

Okay, here is the use of a modified extension to repeat you can break the upload limit. It says here or upload vulnerabilities. Below is the direct access to Taoyuan Network Hard Disk directory for any file of the source code. First review, I was in the tenth period that can be submitted directly to the download its disk configuration file with the database. But in the new version of basically patching up, now hit the full path will prompt the file does not exist. But in the new version, although not a direct download, but you can use“../../”to the site directory to jump to Can Can online the disk directory any a file for editing. What's not too believe? See, the Submit code is as follows: editfile. aspx? file=../../web. config&path=/。 See? Now use the jump will be able to configure the file for editing. Now the database name to know, in code written to the database name. What's up, is it possible to directly view the web site database. The back of how I don't need to say it. If you want to be each other's Network Hard Drive home to be modified, it will submit the file“index. aspx”Oh. When you have finished modifying to save on the line. The above presented technology is not new, but from the 9 month notice Taoyuan official, and later at the home page mentioned in the patch upload vulnerability with the storm library vulnerability. But not really completely repair it we all know it, change is another way you can breakthrough. And this kind of method on the part of the upload system in the presence of Oh. Everyone after the test necessary to pay attention Oh.