Panshi China asp the backstage management system upload vulnerability and fix-vulnerability warning-the black bar safety net

2011-04-21T00:00:00
ID MYHACK58:62201130149
Type myhack58
Reporter 佚名
Modified 2011-04-21T00:00:00

Description

By: Red snow

Official: http://www.chpanshi.net/

Ver: asp Enterprise version, the background structure is substantially a touch of the same.

Large cattle bypass, this no technical content, just speak from experience, guys don't yell at me for. (Thank you Allen upx8 invitation code

Nothing else, open the website you see a company advertising sites, the operation started out as a business partner(mouse)for itssecurity testing.

Just one look, the background path is http://www. xxxx. net/psadmin/ (background name substantially uniform)

Habitual use admin admin to get in this is the human nature of laziness)

To Tinker a lot to see is ew2. 8. 0 version of the database mdb was changed to asa.

Look under upload vulnerability does not, it really can be its own structure, put the jpg into asp OK, I tried a few, some to background privileges, and some can bypass the background directly upload.

EXP: the http://www.xxxx.net/psadmin/inc/sctp.asp?formname=form1&editname=proPic&uppath=upfile/products&filelx=asp|[soar://www. xxxx. net/psadmin/inc/sctp. asp? formname=form1&editname=proPic&uppath=upfile/products&filelx=asp|aspx&enFileSize=1 0 4 8 5 7 6