Wind noise: directory browsing and file creation vulnerability

ID MYHACK58:62201130406
Type myhack58
Reporter Anonymous
Modified 2011-05-10T00:00:00


Brief description: Testing found that several of the program's scripts (FolderImageList.asp, FolderImageList.asp, FileManage.asp) do not filter the path parameter submitted by the user. An attacker can view the current directory on the server, create directories and perform other operations. A malicious attacker may use this flaw to create a script Trojan, causing the server to be controlled.

Detailed description: First register a user name and log in, then execute the commands below.

1. Browse directories and files: <>

2. Create a directory: <>

3. Rename a directory: 2 3 4 5 6&NewFileName=6 5 4 3 2 1

Vulnerability response

Vendor response: The vendor could not be contacted, or the vendor actively refused.
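
The missing control described above is a check that the submitted path resolves inside the logged-in user's own directory, and that the new name is a plain name with a permitted extension, before any browse, create or rename is performed. The following Python code is an added example, not code from the affected program; `USER_ROOT`, `ALLOWED_EXT`, `NAME_RE` and the function names are hypothetical, and only the `NewFileName` parameter comes from the page.

```python
import ntpath  # Windows path rules on any OS; the affected scripts are ASP on a Windows server
import re

USER_ROOT = r"C:\site\UserFiles\alice"           # hypothetical per-user root directory
ALLOWED_EXT = {".jpg", ".png", ".gif", ".txt"}    # hypothetical allow-list, no script types
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,64}(\.[A-Za-z0-9]{1,8})?")


def confine(root, user_path):
    """Resolve a user-supplied relative path; return it only if it stays under root."""
    if "\x00" in user_path or ":" in user_path:   # NUL bytes, drive letters, NTFS streams
        raise ValueError("illegal character in path")
    # Strip leading separators so the join cannot restart at the drive root.
    candidate = ntpath.normpath(ntpath.join(root, user_path.lstrip("/\\")))
    base = ntpath.normcase(ntpath.normpath(root))
    resolved = ntpath.normcase(candidate)
    # Compare against "root\" so that a sibling such as "alice_backup" does not pass.
    if resolved != base and not resolved.startswith(base + "\\"):
        raise ValueError("path escapes the user's root")
    return candidate


def rename_target(root, folder, new_file_name):
    """Validate a rename request (NewFileName) and return the full destination path."""
    parent = confine(root, folder)
    if not NAME_RE.fullmatch(new_file_name):      # bare name only, no separators or ".."
        raise ValueError("NewFileName is not a plain file or directory name")
    ext = ntpath.splitext(new_file_name)[1].lower()
    if ext and ext not in ALLOWED_EXT:            # blocks .asp and other server-side types
        raise ValueError("extension not allowed")
    return ntpath.join(parent, new_file_name)


def is_allowed(func, *args):
    """Boolean wrapper for callers that prefer a yes/no answer over an exception."""
    try:
        func(*args)
        return True
    except ValueError:
        return False
```

The same `confine` call belongs in front of every operation that takes the path parameter (listing, directory creation and rename), on the server side and after authentication.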