DedeCMS 5.7 is greatly improved over the previous version,
and it repairs the serious upload 0day found in 5.6 and earlier versions.
The issue described here is of fairly limited value, because it requires back-end (administrator) permissions.
The File Manager plug-in that ships with the system does not filter the file name when a file is uploaded or when an edited file is saved,
so a webshell can be written directly to the site.
Method one: DedeCMS 5.7 get-shell vulnerability and repair
1. Log in to the back end. The default path is dede, i.e. http://www.soocf.com/dede
In the left navigation column, select Module > Helper > File Manager
(installed by default; if it is missing, install it yourself from the Plug-In Manager), and then select New Text (or File Upload)......
As above: the file name can be anything, for example 1.php; the content is a one-sentence (one-line) webshell; then connect with Chopper.
The upload function is the same: it does not filter the file extension either, so any file can be uploaded.
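
A server-side file-name check of the kind the File Manager is missing, as an added example (not DedeCMS code, not from the original post). The function name fm_safe_filename, the allow-list and the sample names are assumptions made for illustration; it assumes PHP 7.1 or later.

```php
<?php
// Added example: hypothetical helper, not part of DedeCMS.
// Extensions a back-end user may create or upload (assumed allow-list).
const FM_ALLOWED_EXT = ['txt', 'css', 'jpg', 'jpeg', 'png', 'gif'];

// Returns the name unchanged if it is safe to write, or null if it must be refused.
function fm_safe_filename(string $name): ?string
{
    // Plain "name.ext" only: no path separators, no leading dot, no NUL or
    // control characters. \A and \z also refuse a trailing newline.
    if (!preg_match('/\A[A-Za-z0-9_-]+(?:\.[A-Za-z0-9]+)+\z/', $name)) {
        return null;
    }
    // Every dot-separated part after the first must be allow-listed,
    // so "1.php", "1.php.jpg" and "1.jpg.php" are all refused.
    $parts = explode('.', strtolower($name));
    array_shift($parts);
    foreach ($parts as $ext) {
        if (!in_array($ext, FM_ALLOWED_EXT, true)) {
            return null;
        }
    }
    return $name;
}

// Constructed sample names, including the "1.php" case from the text above.
$samples = ['notes.txt', 'logo.png', '1.php', '1.php.jpg', '1.jpg.php', '../1.txt', "a.txt\n"];
foreach ($samples as $n) {
    $verdict = fm_safe_filename($n) === null ? 'rejected' : 'accepted';
    printf("%-14s => %s\n", json_encode($n), $verdict);
}
```

The same check has to run on every path that sets a file name: new file, save after edit, rename, and upload.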