Journal/newspaper system FCKeditor 0-day vulnerability warning

2011-01-26T00:00:00
ID MYHACK58:62201128948
Type myhack58
Reporter Anonymous
Modified 2011-01-26T00:00:00

Description

Author: love letters

Affected versions: JournalX 2.0

Official website: <http://www.magtech.com.cn/>

PRODUCT DESCRIPTION:

JournalX 2.0 is described as the first overall solution introduced for publishing houses/groups and the journal industry. It is already used by more than 600 magazines and more than a dozen publishers across the country.

Google or Baidu keyword: inurl:volumn/current_abs.shtml

Because the filter in FCKeditor/myconfig.js is not strict, files of any format can be uploaded.

Under the web root, access /FCKeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector

Uploading a JSP web shell gives system permission.

After the upload, the access path is: <http://www.xxx.com/UserFiles/File/>[uploaded file name].jsp
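
For operators of an affected installation, the two paths named above are what to look for in web server access logs. The following is an added example, not part of the original advisory: it assumes common-log-format lines, the function names `normalize` and `scan` are hypothetical, and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines (not from a real server). The POST path
# is a placeholder; the two path prefixes come from the advisory above.
SAMPLE_LOG = """\
203.0.113.7 - - [26/Jan/2011:10:00:01 +0800] "GET /FCKeditor/editor/filemanager/browser/default/browser.html?Connector=connectors/jsp/connector HTTP/1.1" 200 4312
203.0.113.7 - - [26/Jan/2011:10:00:09 +0800] "POST /FCKeditor/editor/filemanager/PLACEHOLDER-CONNECTOR HTTP/1.1" 200 211
203.0.113.7 - - [26/Jan/2011:10:00:15 +0800] "GET /UserFiles/File/sample.JSP;x=1 HTTP/1.1" 200 87
198.51.100.4 - - [26/Jan/2011:10:01:00 +0800] "GET /UserFiles/File/cover.jpg HTTP/1.1" 200 20480
198.51.100.9 - - [26/Jan/2011:10:02:00 +0800] "GET /userfiles/file/a%2Ejsp HTTP/1.1" 404 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})\b')
FILEMANAGER = "/fckeditor/editor/filemanager/"
UPLOAD_DIR = "/userfiles/"
SCRIPT_EXT = (".jsp", ".jspx")  # script types that should never be served from an upload dir

def normalize(target):
    """Percent-decode the path, drop ';param' suffixes per segment, lower-case."""
    path = unquote(urlsplit(target).path)
    return "/".join(seg.split(";", 1)[0] for seg in path.split("/")).lower()

def scan(log_text):
    """Return a list of (client_ip, reason, normalized_path) in log order."""
    seen_filemanager = set()  # clients that already touched the file manager
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, _method, target, status = m.groups()
        path = normalize(target)
        if path.startswith(FILEMANAGER):
            seen_filemanager.add(ip)
            findings.append((ip, "filemanager-access", path))
        elif path.startswith(UPLOAD_DIR) and path.endswith(SCRIPT_EXT):
            if not status.startswith("2"):
                reason = "script-probe"
            elif ip in seen_filemanager:
                reason = "script-served-after-filemanager"
            else:
                reason = "script-served"
            findings.append((ip, reason, path))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

Any `script-served` finding means the upload directory is executing server-side code; the durable fix is to enforce an extension allow-list on the server and to disable script execution under `/UserFiles/`.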