South Korea Forum program Artyboard 0day-vulnerability warning-the black bar safety net

ID MYHACK58:62201129092
Type myhack58
Reporter 佚名
Modified 2011-02-08T00:00:00


Artyboard is Korea relatively early have an ASP language to get the forum,widely used in South Korea small website.


A vulnerability exists in the Page editor/editor_flash. asp

Without verification you can upload, and upload to the root directory after the file name not be changed,in combination with IIS6 parsing vulnerability after the formation of the present vulnerabilities.

Use method: First, open the editor/editor_flash. asp page to upload X. asa;. swf Second, the shell of the address http://simple/X. asa;. swf