An electronic network Cms 0DAY-vulnerability warning-the black bar safety net

ID MYHACK58:62201026862
Type myhack58
Reporter 佚名
Modified 2010-05-06T00:00:00


Night bored, come up with a Shell, flipped, found a new** it.

Don't know which home system, then Google a bit. Discover seems to be what is called an electronic website system.

The main vulnerability is still that dynamic shopping upload, for a while it got more than a dozen Shell, including a server.

The upload page is: admin/upfile_flash. asp

Keywords: inurl:products. asp? prolenid=

Or: inurl:product. asp? smtid=

The use method is very simple, see Figure !