360eshop Secure Store system 0day - vulnerability warning - the black bar safety net

2011-09-28T00:00:00
ID MYHACK58:62201131956
Type myhack58
Reporter Anonymous
Modified 2011-09-28T00:00:00

Description

Title: 360eshop Secure Store system 0day

Content: The 360eshop secure store system uses FCKeditor version 2.6.4.1

Test platform: IIS6

Test method:

-----------------------------------------------------------------------
Warning

The following test method may be offensive in nature and is intended for security research and teaching purposes only. Use at your own risk!

by: HUC 0 8 team
-----------------------------------------------------------------------

http://www.unhonker.com/expansion/fckeditor/editor/filemanager/connectors/test.html

http://www.unhonker.com/expansion/fckeditor/editor/filemanager/connectors/uploadtest.html

These two pages are the key to the vulnerability: a file named in the format x.asa;jpg uploads successfully, and the file path is returned as well:

/uploadfile/FCK_201109260018186311.ASA;JPG

The keyword is not provided; find your own.
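A defensive check for the filename format described above, as an added example that is not part of the original advisory: it audits upload names for a script extension sitting in front of a `;` and enforces a strict `<name>.<ext>` allowlist. The script-extension set (taken here to be the IIS 6 default ASP mappings), the image allowlist and all function names are assumptions.

```python
import re

# Assumption: extensions IIS 6 maps to the ASP engine by default;
# extend this set to match the handler mappings on your server.
SCRIPT_EXTS = {"asp", "asa", "cer", "cdx"}
ALLOWED_EXTS = {"jpg", "jpeg", "png", "gif"}  # assumption: image-only uploads
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.([A-Za-z0-9]{1,5})$")


def effective_extension(filename):
    """Extension as seen by a parser that stops reading the name at ';'."""
    head = filename.split(";", 1)[0]
    return head.rsplit(".", 1)[-1].strip().lower() if "." in head else ""


def check_upload_name(filename):
    """Return the reasons a name should be rejected (empty list = accept)."""
    reasons = []
    if ";" in filename:
        reasons.append("semicolon in name")
    if effective_extension(filename) in SCRIPT_EXTS:
        reasons.append("script extension before ';' or end of name")
    m = SAFE_NAME.match(filename)
    if not m:
        reasons.append("not <name>.<ext> with safe characters")
    elif m.group(1).lower() not in ALLOWED_EXTS:
        reasons.append("extension not on allowlist")
    return reasons


def audit(names):
    """Map each flagged name in an upload-directory listing to its reasons."""
    return {n: r for n in names if (r := check_upload_name(n))}


# Constructed listing; the second entry is the file name shown in the advisory.
SAMPLE = ["FCK_201109260018180001.jpg", "FCK_201109260018186311.ASA;JPG",
          "logo.png", "x.asa;jpg", "notes.asp", "photo.jpg.exe"]

if __name__ == "__main__":
    for name, why in audit(SAMPLE).items():
        print(f"{name}: {', '.join(why)}")
```

Run `check_upload_name` in the upload handler before the file is written, and `audit` over existing upload directories to find names that were accepted earlier.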