Since the local did not install IIS official not this cms ..so to the Internet for a few this program the site test..results are exciting..
The other I didn't see..one to get to the cms the first is to see it combined with something to upload like..such as fckeditor ewebeditor
This app has a fckeditor streamline many..but also left some can take things../asp/upload. asp this file..
Directly see the use of it..
Test url:http://www. xxx. com/
fckeditor directory in the admin directory under..that is<http://www.xxx.com/admin/fckeditor/>
Directly find the connectors/asp/connector. Asp is definitely not enough..well earlier vulnerability..haven't try..skip..
We can locally construct the upload..you call the upload. asp to upload files..
<form id="frmUpload" enctype="multipart/form-data" action="<http://www.xxx.com/admin/fckeditor/editor/filemanager/connectors/asp/upload.asp?Type=File>" method="post"> Upload a new file:<br> <input type="file" name="NewFile" size="5 0"><br> <input id="btnUpload" type="submit" value="Upload"> </form>
我 首先 传 了 个 名称 为 hx.jpg 的 图片 上去 .. 路径 为 images/uploadfile/2009120114364991.jpg rename..
What should I do?? Dizzy..I then spread a hx. asp;hx. jpg files..as shown:
Actually succeeded..Oh..and then called hello! Pass the word up..as shown:
Then he passed a pony up there are OK..as shown:
Finally a sense of:about the fckeditor and some version will put " . "(Points)turn into a" _ " to bypass the method is:in the Local the horse is named hx. asp;jpg
jpg front of had a point..to remove it you can easily bypass..the test is successful over yxbbs vulnerability was noted.
There can be a secondary upload bypass.... OK