PHPMPS 0day vulnerability warning - the black bar safety net

2009-12-24T00:00:00
ID MYHACK58:62200925696
Type myhack58
Reporter Anonymous
Modified 2009-12-24T00:00:00

Description

Author: Minghacker From: http://www.3est.com Blog: http://yxmhero1989.blog.163.com

PHPMPS can be downloaded from the official site, http://www.phpmps.com/. The v2.0 official GBK version and the v2.0 full UTF8 version both have serious security risks. Please do not do any damage, and calmly wait for the official fix.

The problem is in the fckeditor under the include directory.

Construct the URL:

URL: /include\fckeditor\editor\filemanager\connectors\test.html

For the connector, select php; the two settings after it can be left unchanged. Uploading a php or asp horse (webshell) with an English or numeric file name gives a shell; it is that simple.

The uploaded horse is generally not renamed. If a file with the same name already exists, the name is changed to an array-style form. Using a Chinese file name is not recommended.

The path of the horse can be found by viewing the source of the blank area directly below. Generally the path is /data/upload/file/ followed by the name of your horse.

Batch method: Google: Powered by Phpmps© 2008-2009 Phpmps Inc.

robots.txt is also of no avail.

Take the official site as an example {it has been repaired, the administrator has been contacted, not what you want, nothing destroyed}.

Due to the

| wscript.shell | × | command line execution component |
|---|---|---|

I also did not continue with privilege escalation for now.

The server is in a Beijing IDC machine room.

Found 51 websites on the IP 219.232.233.133

Upset, I then found 3389 open and, out of habit, pressed Shift 5 times; the result appeared as shown in the figure, drink, meet is...

auto.bat and start.reg. I tried a couple of passwords without success, so I am leaving it for now and will try again another day.

Temporary repair method: after getting a shell, change the code of test.html to <meta http-equiv='refresh' content='3;url=http://yxmhero1989.blog.163.com'>, or delete it, if you have write permission; otherwise escalating privileges will do.
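A site owner can check an install for the exposure described above without going through a shell. The following is an added example, not part of the original post: it looks for the connector test page at the path the post names and lists script files in the upload directory the post names. The function names and the install-root argument are assumptions made for this example.

```python
import os
import sys

# Paths named in the advisory, relative to the PHPMPS install root.
CONNECTOR_TEST = os.path.join("include", "fckeditor", "editor",
                              "filemanager", "connectors", "test.html")
UPLOAD_DIR = os.path.join("data", "upload", "file")
# Script extensions the advisory mentions (php, asp). The check is
# case-insensitive and also flags multi-extension names such as "x.php.jpg".
SCRIPT_EXTS = {"php", "asp"}


def looks_executable(filename):
    """True if any dot-separated part after the base name is a script extension."""
    parts = filename.lower().split(".")[1:]
    return any(p.strip() in SCRIPT_EXTS for p in parts)


def audit(install_root):
    """Return a list of (kind, path) findings for one PHPMPS install root."""
    findings = []
    test_page = os.path.join(install_root, CONNECTOR_TEST)
    if os.path.isfile(test_page):
        findings.append(("connector-test-page", test_page))
    upload_root = os.path.join(install_root, UPLOAD_DIR)
    # os.walk yields nothing if the upload directory does not exist.
    for dirpath, _dirs, files in os.walk(upload_root):
        for name in sorted(files):
            if looks_executable(name):
                findings.append(("script-in-upload-dir",
                                 os.path.join(dirpath, name)))
    return findings


if __name__ == "__main__":
    # Hypothetical usage: python audit_phpmps.py /path/to/phpmps
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    results = audit(root)
    for kind, path in results:
        print(f"{kind}\t{path}")
    sys.exit(1 if results else 0)
```

A non-zero exit status means the test page is still present or the upload directory holds files that the web server may execute; both should be reviewed before the site is considered clean.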