KingCMS ASP 5.0/5.1 vulnerability

KingCMS ASP is a very good CMS built on the ASP + Access framework. The front end is served entirely as static pages, and the new generation of KingCMS provides a better interface, more room for development and stronger extensibility, so it is now popular with many webmasters. But if the system is not configured correctly it exposes a fatal weakness, especially for the lazier webmasters.

The vulnerability is not a 0day, but it has the impact of one. It arises mainly because administrators leave the admin back-end path and the editor path unchanged. The system uses the FCKeditor editor, whose vulnerabilities are already familiar to us; the specific method of use is given below.

Precondition for use: the administrator has not changed the admin back-end path or the FCKeditor editor path.

Admin back-end address: the default is /admin/system/login.asp; entering the admin path automatically redirects to the login page.

Editor path: /admin/system/editor/

Method of use: visit http://www.xxx.com/admin/system/editor/FCKeditor/editor/filemanager/connectors/asp/connector.asp?Command=CreateFolder&Type=Image&CurrentFolder=/qing.asp&NewFolderName=qing.asp, after which a folder literally named qing.asp is created in the /up_files/image/ directory.

Then visit http://www.xxx.com/admin/system/editor/FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=../../connectors/asp/connector.asp, select the newly created qing.asp folder and upload a picture Trojan. A picture containing the "one-sentence" Trojan content can be uploaded, and the one-sentence client is then used to connect.

In addition, the system's admin back end is also quite vulnerable: after a successful login, getting a webshell is relatively simple, because the back end has a webftp function that can upload any file. The default database address is /db/King#Content#Management#System.mdb; when downloading it, replace each # with %23.

No search keyword for the system has been settled on, mainly because good keywords are hard to determine when the front end is entirely static. Interested readers can download a copy from the official website to study; the website address:

Temporary solution:

Change the admin back-end path and the FCKeditor editor path.
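
One way to check web server logs for the requests described above, as an added example that is not part of the original write-up. It assumes each log line has been reduced to four fields (method, URI stem, query string, status); the sample lines, the finding names and the file name pic.jpg are constructed.

```python
import re
from urllib.parse import parse_qs, unquote

ASP_NAME = re.compile(r"\.asp(/|$)", re.I)  # folder name ending in .asp
ASP_SEGMENT = re.compile(r"\.asp/")         # request for a file inside such a folder

def classify(stem, query=""):
    """Return findings for one request (URI stem plus raw query string)."""
    path = unquote(stem).lower()
    q = {k.lower(): v[0] for k, v in parse_qs(query).items()}
    found = []
    if "/filemanager/connectors/" in path:
        found.append("connector-request")
        if q.get("command", "").lower() == "createfolder" and any(
                ASP_NAME.search(q.get(k, "")) for k in ("newfoldername", "currentfolder")):
            found.append("asp-named-folder-created")
    elif "/filemanager/browser/" in path:
        found.append("file-browser-request")
    elif ASP_SEGMENT.search(path):
        found.append("request-inside-asp-named-folder")
    if path.endswith(".mdb"):               # %23 has been decoded back to # by unquote
        found.append("database-download")
    return found

def scan(log_lines):
    """Return (line_number, status, findings) for every flagged line."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        if line.startswith("#"):            # W3C-style header line
            continue
        _method, stem, query, status = line.split()[:4]
        found = classify(stem, "" if query == "-" else query)
        if found:
            hits.append((n, int(status), found))
    return hits

# Constructed sample, assumed field order: cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = [
    "#Fields: cs-method cs-uri-stem cs-uri-query sc-status",
    "GET /index.html - 200",
    "GET /admin/system/editor/FCKeditor/editor/filemanager/connectors/asp/connector.asp "
    "Command=CreateFolder&Type=Image&CurrentFolder=/qing.asp&NewFolderName=qing.asp 200",
    "GET /up_files/image/qing.asp/pic.jpg - 200",
    "GET /db/King%23Content%23Management%23System.mdb - 200",
    "GET /admin/system/login.asp - 200",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Any hit with a 200 status on a production site means the default editor or database path is still reachable and the temporary solution has not been applied.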