Kingdee Apusic Web framework for the backend to get the site webshell and repair-vulnerability warning-the black bar safety net

ID MYHACK58:62201232931
Type myhack58
Reporter 佚名
Modified 2012-01-18T00:00:00


Apusic Web Management Console

Default background address: admin/login. jsp

The default management account password: admin admin

Use method: the background has to execute SQL statements, also have to load anything. Specific words have forgotten~

Find Upload, a loaded God horse, just look to the“Browse”word, you know. The establishment of a goner named t00ls,and then a war in the suffix of the JSP right away.

webshell default path is:t00ls/war horse names. jsp


Provide repair solutions:

Modify the default account password. Don't know can pay filter war suffix