IIS7. 5 parsing vulnerability that occurs in FCKeditor editor-vulnerability warning-the black bar safety net

2012-08-27T00:00:00
ID MYHACK58:62201234724
Type myhack58
Reporter 佚名
Modified 2012-08-27T00:00:00

Description

http://www.xxx.com/fckeditor/editor/fckeditor.html

!

Under the image Upload button jumped out of the upload page, browse--see the directory. Blank, not the former come through.

Decisive attempt to direct the horse, and Type Error=a failure, built a asp directory only to think of it is iis7. 5 of Simon, passed the picture test, is to rename. A little fucked up, jump to the test. Html upload page, find the aspx upload page is down, try to test the asp, The also in File Transfer, transfer pictures, and a variety of pass, NND, no fruit.... and

Continue to jump back to the file browse page, knowing that IIS7. 5 parsing vulnerability wood, or put a horse named 1. asp;. jpg pass, normal upload. But it's a little fucked up, see Figure

!

The file extension is not followed, leave a number. Remember I haven't seen anything like this. Baidu to find the next, did not see there. The first thought is to have holes, and continue to change the file name to test。。。。 Once, twice, three times,。。。。 See the following figure for.

!

The basics are to be added later; no, test dozens of features. The various alternatives a variety of, and finally a little closer. Look at that.; a file, slightly changed, changed to a. aspx. a;. a.aspx.jpg..jpg finally, I want to the effect, that is, on the figure and finally the aspx file, the excitement of the open, see look at my cute pony, wow Kaka。。。。 Directly on the Malaysian

So, iis7. 5+FCK parse the file is: a. aspx. a;. a.aspx.jpg..jpg