Good subtle Bo system upload vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201027538
Type myhack58
Reporter 佚名
Modified 2010-07-10T00:00:00


Good subtle Bo system using the upload program when it is submitted to verify the local path, causing the file name to determine the error upload 1. asp;xxx. jpg the special file name. Caused by IIS6. 0 parse error, thereby executing the asp script vulnerability. There is vulnerability file: upload\upfile_image. asp Use of premise: since the file exists in the session validation, so be the first registered user.

The process is as follows:

A registered user and logged in

! [](/Article/UploadPic/2010-7/2010710115153391.jpg)

Personality settings, custom upload


Right click, View Source, in the action behind the Supplement full URL:

Then down, came to

<input type="hidden" name="filepath" value="/UploadFile/5 8/">

Modify bit, as shown in Figure


Upload a JPG format of the horses, and then view the source code, find the horse's position on OK. !