Upload file to cause arbitrary code execution-vulnerability warning-the black bar safety net

ID MYHACK58:62201130680
Type myhack58
Reporter 佚名
Modified 2011-05-31T00:00:00


Foxmail Server is designed for people design mail server software,offering a variety of mail services, the user can use Foxmail, Outlook and other client software to send and receive messages, also can be in a beautiful and easy to use Chinese language on the Web interface login processing mail.

user/download. asp arbitrary File Download vulnerability

user/filesMain. asp? fmFileType=image File Upload vulnerability

Due to file upload to a directory is a virtual directory,it can not be executed. But we by uploading the variables to modify to../../../to jump to the web directory