Chi Sepang international series system to kill exploit 0day and fix Brief description: this vulnerability should be a series system to kill, in the background Annex to the upload not the file format limit, can lead to upload any type of file. Use method: can be utilized where there are two, one is the background upload attachments. Another is to directly access the http://domain name/email/upload_flash. asp or band pass function of the tools submitted to the address http://domain name/email/upfile_flash. asp; The background to upload the generated files in the upload Directory, the second at the generated files in the email directory.
Fix: the source code of the patch, limiting the relevant directory permissions.
Related process: contact smart Sepang international