tipask the background to get shell-vulnerability warning-the black bar safety net

ID MYHACK58:62201235318
Type myhack58
Reporter 佚名
Modified 2012-10-27T00:00:00


Recently seen is tipask system shows a vulnerability, it is said that only the root to get a shell, but looking at the background function is so rich, side dish, or try in addition to take the shell method, saying that although not pass to kill, but also can barely use with

tipask background not have sql perform the function? In the database inserted into a word, and then through the database backup feature to backup to a similar XX. ASP;_. SQL file, because the backup of database files each at the beginning of the added# <? exit();?& gt;, so only at the same time support asp IIS6 on to use. While in the database backup to verify the file name, so the needs of the local submission of breakthrough verification OK

Nothing technical content, bear with me.