Vulnerability author: akast
Vulnerability details a brief description:
Vulnerability file:/news/index. aspx
Vulnerability variable: MenuID
Software type: business software
Vulnerability Description: You can use the injection vulnerability to get the site administrator permissions, so you can login to the website admin back-end webmanage/Login. aspx, and can obtain the webshell permissions.
Vulnerability scope: the use of Figure faction Kingtop content management software web site are potentially dangerous it!!! Vulnerability to prove:
Solution: the patch download: official not released the patch. Temporary solution: the filter index. aspx page MenuID variable input