XXX shop management system 9.0 0day - Vulnerability warning - Black Bar Safety Net

2009-12-08T00:00:00
ID MYHACK58:62200925537
Type myhack58
Reporter Anonymous
Modified 2009-12-08T00:00:00

Description

by:Men_Si

Since I don't have IIS installed locally and the official site doesn't have this CMS.. I went to the Internet and tested a few sites running this program.. the results were exciting..

I didn't look at anything else.. when I get hold of a CMS, the first thing I do is see what upload components it bundles.. such as fckeditor, ewebeditor, upload.asp.....

This app ships a heavily stripped-down fckeditor.. but some usable things were left in.. namely the file /asp/upload.asp..

Let's go straight to how it is used..

Test URL: http://www.xxx.com/

The fckeditor directory is under the admin directory.. that is, <http://www.xxx.com/admin/fckeditor/>

Going straight for connectors/asp/connector.asp is definitely not enough.. that is an earlier vulnerability.. I haven't tried it.. skip..

We can construct the upload form locally.. and call upload.asp to upload files..

Code used:

```html
<form id="frmUpload" enctype="multipart/form-data" action="http://www.xxx.com/admin/fckeditor/editor/filemanager/connectors/asp/upload.asp?Type=File" method="post">
  Upload a new file:<br>
  <input type="file" name="NewFile" size="50"><br>
  <input id="btnUpload" type="submit" value="Upload">
</form>
```

As shown:


First I uploaded an image named hx.jpg.. the path was images/uploadfile/2009120114364991.jpg, so it was renamed..

What to do?? Dizzy.. I then uploaded a file named hx.asp;hx.jpg.. as shown:

It actually succeeded.. Oh.. and then I uploaded a one-liner called hello!.. as shown:

Then uploading a small webshell (a "pony") was OK too.. as shown:

A final note: some versions of fckeditor turn "." (dot) into "_". The way to bypass this is to name the webshell locally hx.asp;jpg

There used to be a dot in front of jpg.. remove it and you can easily bypass.. I have tested this successfully before; it was noted with the yxbbs vulnerability.

There is also the secondary-upload bypass.... OK
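
As an added example (not from the original post and not FCKeditor's own code), the Python sketch below models the dot-to-underscore filter described above beside a stricter upload-name check, plus a sweep that flags stored names carrying a script extension before a semicolon. The allow-list, the deny-list and all function names are assumptions made for illustration.

```python
import re
import secrets

# Assumed policy for illustration; not taken from the CMS or from FCKeditor.
ALLOWED_EXT = {"jpg", "jpeg", "png", "gif"}
DENIED_EXT = {"asp", "asa", "cer", "cdx"}
# A script extension that ends the name or is followed by ';'.
SCRIPT_BEFORE_SEMICOLON = re.compile(r"\.(asp|asa|cer|cdx)(;|$)", re.I)


def weak_sanitize(name):
    """Model of the filter the post describes: every dot but the last becomes '_'."""
    return re.sub(r"\.(?=[^.]*\.)", "_", name)


def weak_accepts(name):
    """Deny-list test on whatever follows the last dot after weak_sanitize()."""
    ext = weak_sanitize(name).rsplit(".", 1)[-1].lower()
    return ext not in DENIED_EXT


def hardened_store_name(name):
    """Return a server-generated name, or None when the upload is rejected."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Exactly one dot, and no ';', spaces or other punctuation anywhere.
    if not re.fullmatch(r"[A-Za-z0-9_-]+\.[A-Za-z0-9]+", base):
        return None
    ext = base.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_EXT:
        return None
    # The client-supplied name is never reused on disk.
    return f"{secrets.token_hex(8)}.{ext}"


def flag_stored_files(names):
    """Sweep an upload directory listing for names that need review."""
    return [n for n in names if SCRIPT_BEFORE_SEMICOLON.search(n)]


if __name__ == "__main__":
    # Constructed sample names, based on the ones used in the post.
    for sample in ["hx.jpg", "hx.asp", "hx.asp;hx.jpg", "hx.asp;jpg"]:
        print(sample, weak_sanitize(sample), weak_accepts(sample),
              hardened_store_name(sample))
    print(flag_stored_files(["2009120114364991.jpg", "hx.asp;jpg"]))
```

Disabling script execution on the upload directory in the web server covers the case where a name still slips through the check.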