Chi Sepang international series systems: universal 0day exploit and fix

2011-02-19T00:00:00
ID MYHACK58:62201129231
Type myhack58
Reporter Anonymous
Modified 2011-02-19T00:00:00

Description

Brief description: this vulnerability appears to affect every system in the series. The attachment upload in the admin backend does not restrict the file format, so a file of any type can be uploaded.

Exploitation: there are two places where this can be used. The first is the attachment upload in the backend. The second is to access http://domain name/email/upload_flash.asp directly, or to use a tool that can submit requests to post to http://domain name/email/upfile_flash.asp. Files uploaded through the backend are created in the upload directory; files uploaded through the second route are created in the email directory.

Fix: patch the source code and restrict permissions on the relevant directories.
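
To check whether the upload pages named above were used before the fix was applied, the following added example (not part of the original advisory or the vendor's code) scans IIS W3C logs for requests to the two endpoints and for script files served from the directories where uploads are stored. The `/upload/` path, the script extension list, the empty allow-list and the sample log lines are assumptions constructed for illustration.

```python
import posixpath

# The two upload pages named in the advisory.
UPLOAD_ENDPOINTS = {"/email/upload_flash.asp", "/email/upfile_flash.asp"}
UPLOAD_DIRS = ("/upload/", "/email/")   # assumed URL paths of the storage directories
SCRIPT_EXTS = {".asp", ".asa", ".cer", ".cdx", ".aspx", ".ashx"}  # assumed executable types
KNOWN_SCRIPTS = set()  # assumption: add the product's legitimate pages in these directories

# Constructed sample log, not taken from a real server.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2011-02-19 10:00:01 198.51.100.7 GET /index.asp 200
2011-02-19 10:00:03 198.51.100.7 GET /email/upload_flash.asp 200
2011-02-19 10:00:05 198.51.100.7 POST /email/upfile_flash.asp 200
2011-02-19 10:00:09 198.51.100.7 GET /email/20110219100005.asp 200
2011-02-19 10:01:00 203.0.113.9 GET /upload/logo.jpg 200
"""

def classify(stem):
    """Return a finding label for one requested path, or None."""
    path = stem.lower()
    if path in UPLOAD_ENDPOINTS:
        return "upload-endpoint-request"
    if path.startswith(UPLOAD_DIRS) and path not in KNOWN_SCRIPTS:
        # A server-side script inside a storage directory should never exist.
        if posixpath.splitext(path)[1] in SCRIPT_EXTS:
            return "script-in-upload-dir"
    return None

def scan(log_text):
    """Parse W3C extended log text via its #Fields header; return findings."""
    fields, findings = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            row = dict(zip(fields, line.split()))
            label = classify(row.get("cs-uri-stem", ""))
            if label:
                findings.append((row.get("c-ip"), row.get("cs-method"),
                                 row["cs-uri-stem"], label))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Any `script-in-upload-dir` hit is worth reviewing on disk, and it also indicates that script execution is still permitted in a directory that should only hold static files.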

Related process: contact smart Sepang international