Pass to kill KesionCMS v7. 0 version, use conditions must be based on iis7. 0 erection. （A bit tasteless） it!!!
The first step: registered users: http://www.****. com /? do=reg
Second step: access to photo album directly to the point of bulk upload fake good the jpg in a word, do not select a picture library to upload）
http://www.****. com /user/User_Photo. asp? Action=Add
Third step: use iis7. 0 parsing vulnerability in win shell
Someone use this oday put the potatoes black.
The specific circumstances do not understand
Fix: use ie7, temporarily may close the register, waiting for the official patch