Discuz! NT 3.0 special circumstances the use of vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62200925267
Type myhack58
Reporter 佚名
Modified 2009-11-13T00:00:00


Test environment: WINDOWS2003+IIS6 Vulnerability version:3.0.0 The use of the process: Prepare a Only ASP. Encrypted named:smxiaoqiang_cn. asp Open forum - >landing on a post of the account - >any area posted by - >point[bulk upload] You will be prompted to install a Microsoft Silverlight plug-in...install... After the installation is complete. The smxiaoqiang_cn. asp renamed. For:1. asp;jpg And then use the bulk upload. Select the renamed file. Uploaded to[my attachment]. You can see the address.. Note:1. asp I if used without the key words of pass up will be automatically named. Not reported to the official. The official presence of the vulnerability. But the official is iis7 // by 1 9 4 3 http://www.smxiaoqiang.cn