Micro's Articles system v1. 5 1 vulnerability-vulnerability warning-the black bar safety net

2009-06-01T00:00:00
ID MYHACK58:62200923418
Type myhack58
Reporter 佚名
Modified 2009-06-01T00:00:00

Description

This system previously it was analysed today see with the updated version so download the back to see

The previous vulnerability is up, but new holes came a is upload vulnerability A is background injection

The first says that transfer in /manage/video/upfile_soft. asp does not contain the authentication file

gl. the asp but on the code written is not rigorous causing serious vulnerability see the following code:

if fileEXT="asp" or fileEXT="asa" or fileEXT="aspx" then response. write "<font size=2>File format is not [ <a href=# onclick=history. go(-1)>re-upload</a> ]</font>" response. end end if

The error committed is too low, we can upload cer php and other file formats to achieve evil purposes:

Open http://localhost/manage/video/upload_soft.asp directly upload cer

In down folder also has the same vulnerability

Estimated is the author of too careless of the background verification file in many places not included not included place also has injection vulnerability

It's so"clever"! The vulnerability appears in the /manage/ClassModifySmall. asp

Construct a http://localhost/manage/ClassModifySmall.asp?SmallClassID=1

Injected into the right tools are able to run.. front Desk security cannot cover the background of the shabby.