YOTHCMS guestbook webshell-write vulnerability and fix - Vulnerability warning - myhack58

2011-10-20T00:00:00
ID MYHACK58:62201132093
Type myhack58
Reporter Anonymous
Modified 2011-10-20T00:00:00

Description

Some time ago I published a directory traversal problem in this system. After it was reported, the vendor fixed it.

Today I stumbled upon the new version of the Yothshop mall system and found that a one-line webshell can be inserted into the database and then connected to successfully. All versions are affected.

Official website: http://www.yoth.net

Demo: http://cms.yoth.net

Proof:

Write a one-line webshell into a guestbook message, then connect with Chopper:

http://xxx/0gucci/%23da%23%ta23%/23%db_23%data23%23%.asa

Fix:

Filter input, rename the database, and protect the database against download.

The vulnerability has been reported to the vendor's technical staff. Please upgrade to the latest version.
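A defender-side check for the fix above, as an added example that is not part of the original advisory: it walks a web root and flags Microsoft Access database files that sit there, that carry a script-mapped extension such as the .asa in the proof URL, and that hold an ASP open tag in stored data. It assumes the guestbook database is an Access (Jet) file and that the IIS script mappings listed in the code apply; the names audit_webroot and demo and the sample files are constructed for illustration.

```python
import os
import tempfile

# Extensions that classic IIS hands to the ASP engine (assumed default mappings).
SCRIPT_EXTS = {".asp", ".asa", ".cer", ".cdx"}
# Access (Jet/ACE) files carry one of these signatures at byte offset 4.
DB_MAGICS = (b"Standard Jet DB", b"Standard ACE DB")
# ASP open tag as single-byte text and as UCS-2, which Jet 4 uses for text columns.
ASP_TAGS = (b"<%", b"<\x00%\x00")


def audit_webroot(root):
    """Return sorted (relative_path, issues) for each Access database under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            if not any(data[4:4 + len(m)] == m for m in DB_MAGICS):
                continue  # not an Access database, whatever its name says
            issues = ["database file inside web root"]
            ext = os.path.splitext(name)[1].lower()
            if ext in SCRIPT_EXTS:
                issues.append("script-mapped extension " + ext)
                if any(tag in data for tag in ASP_TAGS):
                    issues.append("stored data contains an ASP open tag")
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            findings.append((rel, issues))
    return sorted(findings)


def demo():
    """Audit a constructed sample tree (made-up files, not from any real site)."""
    jet = b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 64
    samples = {
        "data/guestbook.asa": jet + b"message=<%placeholder%>",
        "data/catalog.mdb": jet + b"message=hello",
        "index.asp": b"<% Response.Write(1) %>",
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "data"))
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "wb") as fh:
                fh.write(body)
        return audit_webroot(root)


if __name__ == "__main__":
    for rel, issues in demo():
        print(rel, "->", "; ".join(issues))
```

Any database the check reports should be moved outside the web root; the ASP-tag match is a prompt for manual review, since binary data can contain those bytes by chance.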

inurl:Tags/pro_cont. asp? id=