dvbbs7. 0 and 8. 0 access backstage to get webshell-vulnerability warning-the black bar safety net

ID MYHACK58:62200821189
Type myhack58
Reporter 佚名
Modified 2008-11-24T00:00:00


Create a new database file, named a. mdb Create a new text file, 命名为b.txt and write the word Trojan At the command line enter the command copy a. mdb/b+b. txt/b c. mdb Get the c. mdb is already inserted into the word Trojan in the database Then in the posting the place to upload attachments, the database suffix is changed to RAR Preview the post, click on the attachment for download, you can get upload address Into the background, restore the database, enter uploaded files relative path in the target file must be written. asp format Prompt recovery is successful, the success of the Get webshell

8.0: the 2 0 0 3 System: ① Modify the forum basic settings in the Upload Directory setting is set to xxx. asp/ upload through the database to merge the ASP Trojan..change extension to upload.... You can get the Shell ② The database backup directory to/xx. the asp/1. mdb

Because DVBBS 8.0..can only backup to mdb format....

End if backpath=server. mappath(backpath) If Lcase(Mid(backpath,instrRev(backpath,".")+ 1))<>"mdb" Then response. write "save the database name is not legal" Response. End End If

Here we can put the path to the xxx. asp such as xxxx. the asp/1. mdb

  1. mdb. insert the word Trojan so is can get shell upload suffix added to php etc. After the Upload in the background Annex to the management to find the path,get the shell.