One day, while chatting with Night, I accidentally discovered an upload vulnerability in SiteServer CMS: the filtering is not strict. Today I tested it on http://demo2.siteserver.cn, the demo template site under the main site.
This application previously had a vulnerability where the user name was not strictly filtered and could be exploited. After the patch, the program no longer allows registering a user name with a dot in it, such as .asp, and user uploads also filter names like .asp;.jpg. I just gave it a try and found that *.asa;.doc is not filtered, so the IIS 6.0 vulnerability executes the file directly, and the shell came out...
First register a user tick （just fill out a
Go to the user center and open the upload page.
OK, the upload is successful.
Finally, connect to it directly with the "knife" client...
Stricter filtering is all that is needed to fix it.
Author: perception of life
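
What "filter more strictly" can look like in practice, as an added example that is not from the original post or from SiteServer's code: a blocklist of the kind the post describes next to an allowlist check that rejects `*.asa;.doc`. The extension list, function names and sample file names are assumptions made for illustration.

```python
import os
import re
import uuid

# Assumption: the extensions this application really needs to accept.
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif", ".doc", ".docx", ".pdf"}

# Hypothetical model of the filter behaviour described in the post:
# ".asp;.jpg" is caught, but ".asa;.doc" is not.
BLOCKED_SUBSTRINGS = (".asp",)

# The part before the extension may hold only these characters,
# so ';', '.', ':', spaces and control characters are all refused.
SAFE_STEM = re.compile(r"[A-Za-z0-9_-]{1,64}")


def weak_blocklist_check(filename):
    """Blocklist approach (flawed). True means the upload is accepted."""
    lowered = filename.lower()
    return not any(bad in lowered for bad in BLOCKED_SUBSTRINGS)


def strict_allowlist_check(filename):
    """Allowlist approach. True means the upload is accepted."""
    # Drop any client-supplied directory part (both separator styles).
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    stem, ext = os.path.splitext(name)
    if ext.lower() not in ALLOWED_EXTENSIONS:
        return False
    # "shell.asa;.doc" splits into stem "shell.asa;" + ".doc"; the stem is
    # refused, so a second extension or a semicolon never reaches the server.
    return SAFE_STEM.fullmatch(stem) is not None


def stored_name(filename):
    """Server-generated name: nothing from the client's name reaches disk."""
    if not strict_allowlist_check(filename):
        raise ValueError("rejected upload name: %r" % filename)
    ext = os.path.splitext(filename)[1].lower()
    return uuid.uuid4().hex + ext


if __name__ == "__main__":
    # Constructed sample names, not taken from a real system.
    for sample in ("report.doc", "shell.asp;.jpg", "shell.asa;.doc"):
        print(sample, weak_blocklist_check(sample), strict_allowlist_check(sample))
```

Storing uploads under the generated name, in a directory where the web server does not execute scripts, keeps the outcome independent of how the server parses file names.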