Hospital website-building system arbitrary file upload vulnerability - Vulnerability warning - Black Bar Safety Net

2012-09-13T00:00:00
ID MYHACK58:62201234923
Type myhack58
Reporter Anonymous (佚名)
Modified 2012-09-13T00:00:00

Description


Vulnerable file: upfile.aspx. First I'll post lines 98 to 130 of its code; it looks a bit funny!

Google for: inurl:cms/Column.aspx? (inurl:cms/Column.aspx?LMID= gives far too many results; find more keywords yourself!)

    }
    function chkform()
    {

      if ($("fm_file").value=="")
      {
        // alert("Please click the [Browse...] button and select the file you want to upload!");
        return false;
      }
      else
      {
    <%if (r_show=="picture" || r_show=="picture1"){%>
        if (!($("fm_file").value.substr($("fm_file").value.length-3).toLowerCase()=="jpg"
          || $("fm_file").value.substr($("fm_file").value.length-3).toLowerCase()=="gif"
          || $("fm_file").value.substr($("fm_file").value.length-3).toLowerCase()=="png"
          || $("fm_file").value.substr($("fm_file").value.length-4).toLowerCase()=="jpeg"
          ))
        {
          alert("Upload file error!\n must Upload a picture format file(.jpg ; .gif ; .png ; .jpeg).")
          $("fm_file").value="";
          return false;
        }


    <%} %>

    <%if (r_bz!="") {%>
        $("fm_bz").value=$("<%=r_bz%>").value;
    <%} %>
        return true;
      }
    }

The file suffix is not actually verified (only by this client-side script) - -! Exploit: upload page http://www.xxx.com/xtwh/upfile.aspx, directly upload an aspx webshell, the