KesionCMS news site management system V7.0 0day - vulnerability warning - the black bar safety net

2012-04-07T00:00:00
ID MYHACK58:62201233583
Type myhack58
Reporter Anonymous
Modified 2012-04-07T00:00:00

Description

Affects KesionCMS v7.0 across the board. The precondition is that the site must be deployed on IIS 7.0. (So it is of somewhat limited use.)

Step 1: Register a user: http://www.****.com/?do=reg

Step 2: Go to the photo album and click bulk upload directly to upload the prepared fake .jpg containing a one-line script (do not choose the picture library upload).

http://www.****.com/user/User_Photo.asp?Action=Add

Step 3: Use the IIS 7.0 parsing vulnerability to get a shell.

Someone used this 0day to hack "the potatoes".

The specific circumstances are not known.

Fix: use ie7; registration can be closed temporarily while waiting for the official patch.
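
While waiting for the patch, an operator can also check the files already uploaded through the album. The script below is an added example, not part of the original advisory or of KesionCMS: it flags .jpg/.jpeg files that do not start with a JPEG header or that contain server-side script. The patterns, the function names and the directory passed on the command line are assumptions.

```python
import os
import re
import sys

JPEG_SOI = b"\xff\xd8\xff"  # every real JPEG starts with these bytes
IMAGE_EXTS = (".jpg", ".jpeg")

# Assumed patterns for script hidden in an image. The ASP pattern requires
# printable text between <% and %> so random image bytes do not match.
SCRIPT_PATTERNS = {
    "ASP block": re.compile(rb"<%[\t\r\n\x20-\x7e]{4,200}?%>"),
    "PHP open tag": re.compile(rb"<\?php", re.I),
    "script tag": re.compile(rb"<script", re.I),
}


def inspect_image_bytes(data):
    """Return the reasons the bytes look like a fake JPEG (empty list if clean)."""
    reasons = []
    if not data.startswith(JPEG_SOI):
        reasons.append("bad JPEG header")
    for label, pattern in SCRIPT_PATTERNS.items():
        if pattern.search(data):
            reasons.append(label)
    return reasons


def scan_upload_dir(root):
    """Walk root and return {path: reasons} for suspicious .jpg/.jpeg files."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(IMAGE_EXTS):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as handle:
                reasons = inspect_image_bytes(handle.read())
            if reasons:
                findings[path] = reasons
    return findings


if __name__ == "__main__":
    # Usage: python scan_uploads.py <album upload directory>
    for path, reasons in sorted(scan_upload_dir(sys.argv[1]).items()):
        print(path, "->", "; ".join(reasons))
```

A file that passes the header check but still matches a script pattern is a real image with script appended or embedded, so both checks are reported separately.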