SiteServer CMS registration upload exploit (vulnerability warning)

ID MYHACK58:62201027279
Type myhack58
Reporter Anonymous
Modified 2010-06-19T00:00:00


SiteServer CMS is a website content management system built on the Microsoft .NET platform. It integrates content publishing management, multi-site management, scheduled content collection, scheduled generation, multi-server publishing, search engine optimization, traffic statistics and many other features. It has its own STL template language, lets the display style of any page be edited through a Dreamweaver visual plugin, and generates pure static pages.

Because the attachment upload neither filters file names nor automatically renames uploaded files, a malformed file name such as 1.asp;jpg can be uploaded. Using the IIS 6.0 code-execution flaw, an attacker can then obtain a webshell on the site.
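The two missing controls named above, file-name filtering and automatic renaming, shown as an added Python example (not SiteServer CMS code). The allow-list, the script-extension list and all function names are assumptions chosen for illustration.

```python
import secrets

# Assumption: extensions this hypothetical attachment feature accepts.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf"}
# Illustrative, non-exhaustive list of extensions a web server may execute.
SCRIPT_EXTENSIONS = {"asp", "asa", "cer", "cdx", "aspx", "ashx", "php"}
FORBIDDEN_CHARS = set(';:%<>"|?*')


class RejectedUpload(ValueError):
    """The client-supplied file name must not be stored."""


def check_client_name(client_name: str) -> str:
    """Filter the client-supplied name; return its allow-listed extension."""
    # Keep only the last path component, whichever separator was sent.
    base = client_name.replace("\\", "/").rsplit("/", 1)[-1].strip()
    if not base or any(ord(c) < 32 for c in base):
        raise RejectedUpload("empty name or control character")
    if FORBIDDEN_CHARS & set(base):
        raise RejectedUpload("forbidden character (e.g. ';') in name")
    parts = base.lower().split(".")
    if len(parts) < 2 or parts[-1] not in ALLOWED_EXTENSIONS:
        raise RejectedUpload("missing or non-allow-listed extension")
    # Refuse a script extension anywhere before the final one (shell.asp.jpg).
    if SCRIPT_EXTENSIONS & set(parts[:-1]):
        raise RejectedUpload("script extension inside name")
    return parts[-1]


def stored_name(client_name: str) -> str:
    """Auto-rename: the on-disk name is random, only the extension survives."""
    return f"{secrets.token_hex(16)}.{check_client_name(client_name)}"


def is_accepted(client_name: str) -> bool:
    try:
        check_client_name(client_name)
        return True
    except RejectedUpload:
        return False


if __name__ == "__main__":
    # Constructed sample names, including the two from the advisory.
    for name in ["photo.JPG", "1.asp;jpg", "shell.asp;.jpg", "shell.asp.jpg"]:
        print(name, "->", stored_name(name) if is_accepted(name) else "rejected")
```

Serving the upload directory with script execution disabled is a separate control that still applies when a name slips through.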

Exploit: first go to usercenter/register.aspx to register a user, then sign in to the back end at usercenter/login.aspx. Enter the Management Center, select attachment upload, and upload shell.asp;jpg or shell.asp;.jpg. The shell's address can then be obtained by browsing.