360eshop Secure Store system 0day-vulnerability warning-the black bar safety net

ID MYHACK58:62201131956
Type myhack58
Reporter 佚名
Modified 2011-09-28T00:00:00


Title: 360eshop Secure Store system 0day

Content: 360eshop security store system uses FCK compiler version:

Test platform: IIS6

Test method: ----------------------------------------------------------------------- Warning

The following test methods may carry offensive, for security research and teaching purposes. The user at your own risk!

by: HUC 0 8 team -----------------------------------------------------------------------



This two page, is the vulnerability of the key, in the format x. asa;jpg successfully uploaded, the file path is also out,

/uploadfile/FCK_201109260018186311. ASA;JPG

The keyword is not sent, or find your own.