MACCMS PHP version: getting a webshell from the admin backend past Safe Dog - vulnerability warning - the black bar safety net

2012-10-28T00:00:00
ID MYHACK58:62201235337
Type myhack58
Reporter Anonymous
Modified 2012-10-28T00:00:00

Description

I ran into this yesterday and am recording the process. There is not much technical content here, and similar articles surely exist; any resemblance is certainly no coincidence. (My writing is not great, so please bear with it.)

Conditions: 1. The movie site runs the PHP version of MACCMS. 2. Safe Dog (安全狗) is installed on the server. 3. You have a backend (admin) account and password.

Of course the first step was a Baidu search, which turned up no related articles. I found that an expert had previously published an upload vulnerability, but testing it failed; presumably the vendor has already fixed it.

Once in the backend, you find that templates can be edited. The path is: http://0855.tv/admin/admin_templates.php?action=edit&file=../template/default/html/art.html

Then construct this URL in IE: http://0855.tv/admin/admin_templates.php?action=edit&file=index.php and the editor returns the contents of that file.

This goes well beyond the ShopEx backend directory traversal: the file parameter is not confined to the template directory, so you can not only view file contents but also edit them. So you can basically get a webshell; there is not much technical skill involved. So as not to break the program, I planned to write the backdoor into the file admin/version.php: http://0855.tv/admin/admin_templates.php?action=edit&file=../admin/version.php

Click save.

Visit: http://0855.tv/admin/version.php and Safe Dog shows an interception notice.

A Baidu search for PHP webshells (大马) that get past Safe Dog turns up many; the following is a commonly used one:

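From the defender's side, the template-editor requests described above can be spotted in web-server access logs. The following is an added example, not code from the original article or from MACCMS: it resolves the editor's file parameter the way the article's URLs imply (relative to /admin/) and flags edit requests that land outside the template tree. The directory layout, the extension list and the sample log lines are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import urlsplit, parse_qs

# Assumptions taken from the URLs in the article: the editor script sits in
# /admin/, its "file" value is resolved relative to that directory, and
# legitimate targets live under /template/. The extension list is assumed.
ADMIN_DIR = "/admin"
TEMPLATE_ROOT = "/template/"
TEMPLATE_EXT = {".html", ".htm", ".css", ".js"}

def check_request(target):
    """Return None if target is not a template-editor request, else
    (resolved_path, reason); reason is None for a normal template edit."""
    parts = urlsplit(target)
    if not parts.path.endswith("/admin_templates.php"):
        return None
    query = parse_qs(parts.query)          # also undoes %2F / %2E encoding
    if query.get("action", [""])[0] != "edit":
        return None
    raw = query.get("file", [""])[0].replace("\\", "/")
    resolved = posixpath.normpath(posixpath.join(ADMIN_DIR, raw))
    if not resolved.startswith(TEMPLATE_ROOT):
        return resolved, "outside template tree"
    if posixpath.splitext(resolved)[1].lower() not in TEMPLATE_EXT:
        return resolved, "non-template extension"
    return resolved, None

def scan(log_lines):
    """Return a list of (client, method, resolved_path, reason) findings."""
    findings = []
    for line in log_lines:
        try:
            method, target = line.split('"')[1].split()[:2]
        except (IndexError, ValueError):
            continue                        # not a parsable request line
        verdict = check_request(target)
        if verdict and verdict[1]:
            findings.append((line.split()[0], method, *verdict))
    return findings

# Constructed sample access-log lines (combined log format, test addresses).
SAMPLE = [
    '198.51.100.7 - - [28/Oct/2012:10:01:00 +0800] "GET /admin/admin_templates.php?action=edit&file=../template/default/html/art.html HTTP/1.1" 200 5120',
    '203.0.113.9 - - [28/Oct/2012:10:02:10 +0800] "GET /admin/admin_templates.php?action=edit&file=index.php HTTP/1.1" 200 2048',
    '203.0.113.9 - - [28/Oct/2012:10:03:30 +0800] "GET /admin/admin_templates.php?action=edit&file=..%2Fadmin%2Fversion.php HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

The same resolve-then-compare check, applied server-side before the editor opens a file, is what keeps the file parameter inside the template directory.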