Section Rezin(Kesion)CMS V5. 5 filename parsing vulnerability-vulnerability warning-the black bar safety net

2009-10-26T00:00:00
ID MYHACK58:62200925132
Type myhack58
Reporter 佚名
Modified 2009-10-26T00:00:00

Description

Section flood cms,eshop system to build the station brand. Professional open source cms projects customized services and card system, online output, online printing, advertising production, online photo ordering system provider. In the file upload process on a problem.

Upload the file that is in the current directory, such as the current directory is”/upfiles/user/registered user name”, which address that”http://www.null.com/upfiles/user/ 注册 的 用户名 /test.asp;x.jpg”

Attack demo references:

Step one: access to/user/userreg. asp registered user Step two: access/KS_editor/selectupfiles. asp, check the auto-naming options, upload named such as test. asp;x. jpg files Step three: upload of the file that is in the current directory, such as the current directory is”/upfiles/user/registered user name”, which address that”http://www.null.com/upfiles/user/ 注册 的 用户名 /test.asp;x.jpg”