Tech-ex CMS website system 0day release - vulnerability warning - the black bar safety net

2011-07-09T00:00:00
ID MYHACK58:62201131180
Type myhack58
Reporter Anonymous
Modified 2011-07-09T00:00:00

Description

Keywords: Powered By KesionCMS V5.5 inurl:User/UserReg.asp

Step one: access /user/userreg.asp and register a user.

Step two: access /KS_editor/selectupfiles.asp, check the auto-naming option, and upload a file named X.asp;X.jpg.

Step three: access the uploaded file at its path, xm.asp;xm.jpg:

/Upfiles/User/username/xm.asp;xm.jpg
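For defenders, the file name in steps two and three (a script extension, a semicolon, then an image extension) is a usable detection signature in web server logs. The following is an added example, not part of the original advisory: it scans IIS W3C-format log text for requests under the upload directory whose file name has that shape. The log lines, IP addresses, function names and the `/upfiles/` prefix default are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed IIS W3C log sample (not from the original page).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2011-07-09 10:00:01 GET /user/userreg.asp - 192.0.2.10 200
2011-07-09 10:00:09 POST /KS_editor/selectupfiles.asp - 192.0.2.10 200
2011-07-09 10:00:15 GET /Upfiles/User/username/xm.asp;xm.jpg - 192.0.2.10 200
2011-07-09 10:01:02 GET /Upfiles/User/alice/photo.jpg - 192.0.2.22 200
2011-07-09 10:02:30 GET /Upfiles/User/bob/a.ASP%3Bb.gif - 192.0.2.31 404
"""

def suspicious_segment(path, script_exts=("asp",)):
    """Return the first path segment shaped like 'name.<script ext>;rest', else None."""
    exts = "|".join(re.escape(e) for e in script_exts)
    pattern = re.compile(r"\.(?:%s);" % exts, re.IGNORECASE)
    # Decode first so a percent-encoded semicolon (%3B) is not missed.
    for segment in unquote(path).split("/"):
        if pattern.search(segment):
            return segment
    return None

def scan_w3c_log(text, upload_prefix="/upfiles/"):
    """Return (date, time, client_ip, status, segment) for each flagged request."""
    fields, hits = [], []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        stem = row.get("cs-uri-stem", "")
        if not unquote(stem).lower().startswith(upload_prefix):
            continue  # only the user upload directory is of interest here
        seg = suspicious_segment(stem)
        if seg:
            hits.append((row["date"], row["time"], row["c-ip"], row["sc-status"], seg))
    return hits

if __name__ == "__main__":
    for hit in scan_w3c_log(SAMPLE_LOG):
        print(*hit)
```

The same `suspicious_segment` check can be applied to the submitted file name on the upload handler side to reject such names before they are written to disk.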