dedecms 5.7 the background to get SHELL vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201130764
Type myhack58
Reporter 佚名
Modified 2011-06-08T00:00:00



dedecms 5.7 teach the previous version has been greatly improved,

Repair the 5. 6 The following version serious uploaded 0day; and

Quite tasteless, the premise is to have background permissions.

Since the system comes with a file Manager Plug-In does not filter the file upload and after editing save the file name,

Lead to write directly to the webshell vulnerability.

Method one: dedecms5. 7 get SHELL vulnerability that repair

Vulnerability test:

1, into the background, the default is dede, the that

The left navigation column, select the module>helper>file Manager

(System installed by default, if no Please in Plug-In Manager self-installing)>and then select the new text(or file upload)......


As above: the file name anywhere, 例如1.php; the contents of a complete sentence; a chopper connected.

Following the upload, too, is not filtered file extension, lead to upload any file.