MACCMS PHP version: getting past Security Dog to obtain a webshell from the backend

ID MYHACK58:62201235337
Type myhack58
Reporter Anonymous
Modified 2012-10-28T00:00:00


I ran into this yesterday and am recording the process. There is nothing much to the content, there are surely similar articles, and any resemblance is certainly no coincidence (my language is not so good, as everyone will see).

Conditions:

1. The movie site runs the MACCMS PHP version.
2. The server has Security Dog installed.
3. A backend account and password are available.

Of course, the first step was to search Baidu a bit, but there were no related articles. I found an upload vulnerability that an expert had published previously, but the test failed; my guess is that the vendor has already fixed it.

After entering the backend, you can see that templates can be edited, as shown below:


Path is:

Then the IE configuration: Get:


This is far more useful than the directory traversal in the ShopEx backend: not only can you see the content, you can also edit it. So, basically, you can get a webshell. The technical content is not high. In order not to disrupt the program, I plan to write the backdoor into the file admin/version.php. As shown in the figure:


Click Save.
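
The post writes to admin/version.php through the backend template editor, a file outside the template directory. As an added example (not MACCMS code and not from the original post), this is a server-side path check that confines such an editor to template files; the function name, directory layout and extension list are assumptions.

```php
<?php
// Added example, hypothetical names throughout; not MACCMS code.
// Resolves a path requested through an admin template editor and refuses
// anything outside the template root or with a non-template extension.

const EDITABLE_EXTENSIONS = ['html', 'htm', 'css', 'js', 'xml'];

function resolve_template_path(string $templateRoot, string $requested): ?string
{
    // Reject empty input and NUL bytes before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    $root = realpath($templateRoot);
    if ($root === false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks; it returns false if the
    // target does not exist, so new files need a separate creation path.
    $full = realpath($root . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full)) {
        return null;
    }
    // The trailing separator stops "/template_old" from matching "/template".
    $prefix = rtrim($root, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    // Never let the editor write files the web server would execute.
    $ext = strtolower(pathinfo($full, PATHINFO_EXTENSION));
    return in_array($ext, EDITABLE_EXTENSIONS, true) ? $full : null;
}

// Constructed demo tree in the system temp directory.
$base = sys_get_temp_dir() . '/tpl_demo_' . bin2hex(random_bytes(4));
mkdir("$base/template/default", 0700, true);
mkdir("$base/admin", 0700, true);
file_put_contents("$base/template/default/index.html", '<h1>{title}</h1>');
file_put_contents("$base/template/default/extra.php", '<?php // constructed');
file_put_contents("$base/admin/version.php", '<?php // constructed');

$requests = ['default/index.html', 'default/extra.php',
             '../admin/version.php', 'default/../../admin/version.php'];
foreach ($requests as $p) {
    $ok = resolve_template_path("$base/template", $p);
    printf("%-34s %s\n", $p, $ok === null ? 'REJECTED' : 'allowed');
}
```

Only default/index.html is allowed; the two requests that resolve to admin/version.php and the .php file inside the template directory are rejected.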


On visiting the file, Security Dog shows an interception notice:


A Baidu search for PHP webshells that get past Security Dog turns up many; the following is a commonly used one:

