The positive side of College administration management system

ID MYHACK58:62201233950
Type myhack58
Reporter Anonymous
Modified 2012-05-23T00:00:00


The positive side of College academic management system is a student performance and course management system used by many colleges and universities. A high-risk vulnerability was recently disclosed in the system; an attacker can use it to easily obtain webshell permissions on the website. The details of the vulnerability and the method of repair are given below:

Vulnerability type: upload vulnerability

Vulnerability file: /ftb.imagegallery.aspx

The vulnerable file has no access restrictions: any visitor can request it directly and use the file's own upload function to upload a crafted backdoor file that the server will parse.

Bug fix: set the script parsing (execute) permission on the images directory to None. Those who are able to can also add permission authentication to this file, so that ordinary users cannot access it.

Bug fix: contact the positive side company to upgrade the site program.
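
To check whether the exposed page was already used before the fixes above were applied, the following added example (not part of the original advisory or the vendor's code) triages IIS W3C logs for POSTs to /ftb.imagegallery.aspx and for script files served successfully from the images directory. The /images/ URL prefix, the extension list and the sample log lines are assumptions constructed for illustration.

```python
# Added example: triage IIS W3C extended logs for use of the exposed upload page.
GALLERY = "/ftb.imagegallery.aspx"    # vulnerable file named in the advisory
UPLOAD_DIR = "/images/"               # assumed URL prefix of the images directory
SCRIPT_EXTS = (".aspx", ".asp", ".ashx", ".asmx", ".asa", ".cer")  # assumed script mappings

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2012-05-20 08:01:11 192.0.2.10 GET /default.aspx - 200
2012-05-20 08:02:40 203.0.113.7 GET /ftb.imagegallery.aspx - 200
2012-05-20 08:02:55 203.0.113.7 POST /ftb.imagegallery.aspx - 200
2012-05-20 08:03:02 203.0.113.7 GET /images/notes.aspx - 200
2012-05-20 08:05:19 192.0.2.10 GET /images/logo.gif - 200
"""

def triage(log_text):
    """Return (uploads, script_hits): POSTs to the gallery page, and 2xx
    responses for script-mapped files under the images directory."""
    fields, uploads, script_hits = [], [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column order differs between servers
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue                    # skip truncated or corrupt rows
        row = dict(zip(fields, parts))
        stem = row.get("cs-uri-stem", "").lower()
        event = (row.get("date"), row.get("time"), row.get("c-ip"), stem)
        if stem.endswith(GALLERY) and row.get("cs-method") == "POST":
            uploads.append(event)
        elif (UPLOAD_DIR in stem and stem.endswith(SCRIPT_EXTS)
              and row.get("sc-status", "").startswith("2")):
            # A 2xx here means scripts in the images directory are still parsed.
            script_hits.append(event)
    return uploads, script_hits

if __name__ == "__main__":
    ups, hits = triage(SAMPLE_LOG)
    for e in ups:
        print("upload via gallery page:", *e)
    for e in hits:
        print("script served from images directory:", *e)
```

Any script hit is a reason to inspect the images directory on disk; once the directory's script permission is set to None, such requests should no longer return a 2xx status.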