The General meta build system upload vulnerability and fix-vulnerability warning-the black bar safety net

ID MYHACK58:62201236088
Type myhack58
Reporter 佚名
Modified 2012-12-12T00:00:00


General yuan in the construction of the station system there upload vulnerability, you can directly upload any files, no filtering.

The General meta build system website, there are upload points


Type of you can use../../traverse the folder but can not directly upload shell

Need to construct from the root directory to the web storage path can only upload files.

If you want to upload the jsp file to the root directory of the site on the level of the cms file, you can upload a jsp file, no filter

As General Yuan official website:

Can upload a Jsp file.

The pictures don't know why upload can't be.

This is the official website of the test

Repair solutions:

You should modify the editor storage path, delete the upload point or to upload additional filter.