Publishing author: Net.Edit0r
Affected versions: SOOP Portal 2.0
Official address: upload/2010/12/201012071940293686.jpg can be uploaded and executed.
Google Dork : "SOOP Portal 2.0"
1. Register on the site // Step one: register as a member of the website.
Step two: log in to the member center.
3. Current avatar [ Browse/Upload ]
Step three: browse to the upload.
Step four: go to the picture upload.
4. Rename the ASP file using the form .asp;.jpg (shell.asp;.jpg)
Choose shell.asp;.jpg // IIS parsing vulnerability
5. http://www.heimian.com/uploads/ [You can get the address at the See Shell Shell upload]
// Step six: see the shell path.
6. In this section, the file is placed in the folder that you selected in the previous section.
Step seven: the upload directory.
7. Example URL: http://server/uploads/
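
Defensive check for the avatar upload described above, as an added example that is not part of the original advisory or of SOOP Portal's code: it refuses client-supplied names such as shell.asp;.jpg, stores accepted files under a server-generated name, and can audit an existing uploads folder listing. The extension lists, function names and sample listing are assumptions made for illustration.

```python
import os
import secrets

ALLOWED_EXTS = {".jpg", ".jpeg", ".png", ".gif"}         # assumed avatar types
SCRIPT_EXTS = (".asp", ".asa", ".cer", ".cdx", ".aspx")  # assumed handler mappings
FORBIDDEN_CHARS = set(';:/\\\x00')  # ';' is the separator used in shell.asp;.jpg

def reject_reason(filename):
    """Return why a client-supplied upload name is unsafe, or None if acceptable."""
    name = filename.lower()
    if FORBIDDEN_CHARS & set(name):
        return "forbidden character"
    if name != name.rstrip(". "):
        return "trailing dot or space"
    stem, ext = os.path.splitext(name)
    if ext not in ALLOWED_EXTS:
        return "extension not allowed"
    # Catch a script extension hidden before the final one, e.g. 'x.asp.jpg'.
    if any("." + part in SCRIPT_EXTS for part in stem.split(".")[1:]):
        return "script extension inside name"
    return None

def stored_name(filename):
    """Validate, then discard the client name and return a random server-side one."""
    reason = reject_reason(filename)
    if reason:
        raise ValueError(f"upload rejected: {reason}")
    return secrets.token_hex(16) + os.path.splitext(filename.lower())[1]

def audit_upload_dir(names):
    """Map each already-stored name the checks would have refused to its reason."""
    checked = ((n, reject_reason(n)) for n in names)
    return {n: why for n, why in checked if why}

# Constructed sample listing of an uploads folder (not taken from the advisory).
SAMPLE = ["avatar1.jpg", "shell.asp;.jpg", "me.PNG", "x.asp.jpg", "note.txt"]

if __name__ == "__main__":
    for name, why in audit_upload_dir(SAMPLE).items():
        print(f"{name}: {why}")
```

Name checks alone do not make the uploads folder safe; script execution should also be disabled for that directory on the web server.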