HIWEB CMS backend: multiple permission bypass vulnerabilities

2012-12-18T00:00:00
ID MYHACK58:62201236236
Type myhack58
Reporter Anonymous
Modified 2012-12-18T00:00:00

Description

HIWEB is a whole-site management system (CMS), and many schools use it to build their sites. However, the CMS backend has many permission bypass problems.

1. http://xxxx/hiwebcms/system/USER/

All backend user information can be viewed directly.

2. http://xxxx/hiwebcms/system/sysSetup/filesManage.htm

All uploaded files can be viewed, and anonymous users can also upload files.

3. http://xxxx/hiwebcms/system/sysSetup/sysSetup.htm

Part of the CMS configuration can be viewed.

4. http://xxxx/hiwebcms/system/USER/userConfig.htm

Part of the database table structure can be viewed.
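
One way to look for this access in web server logs, as an added example that is not part of the original advisory: it flags successful requests to the four backend paths listed above when they come from outside an admin network. The `/hiwebcms/` prefix follows the advisory's URLs; the common/combined log format, the `10.0.5.0/24` admin range and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Backend paths from the advisory, lower-cased for prefix matching.
# "/hiwebcms/system/user/" also covers USER/userConfig.htm.
SENSITIVE = (
    "/hiwebcms/system/user/",
    "/hiwebcms/system/syssetup/filesmanage.htm",
    "/hiwebcms/system/syssetup/syssetup.htm",
)
# Assumption: administrators connect only from this management network.
ADMIN_NETS = [ipaddress.ip_network("10.0.5.0/24")]
# Common/combined log format: ip ident user [time] "METHOD path proto" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def is_admin(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # hostname instead of an address: treat as non-admin
        return False
    return any(addr in net for net in ADMIN_NETS)

def flag(lines):
    """Return (ip, method, path, reason) for successful requests to the
    advisory's backend paths from outside the admin network."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ip, method, path, status = m.groups()
        p = path.split("?", 1)[0].lower()
        if not p.startswith(SENSITIVE) or is_admin(ip):
            continue
        if not status.startswith("2"):
            continue  # redirect to login, 401 or 403: access control held
        reason = "upload" if method == "POST" and "filesmanage" in p else "view"
        hits.append((ip, method, path, reason))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '203.0.113.9 - - [18/Dec/2012:10:00:01 +0800] "GET /hiwebcms/system/USER/ HTTP/1.1" 200 5120',
    '203.0.113.9 - - [18/Dec/2012:10:00:09 +0800] "POST /hiwebcms/system/sysSetup/filesManage.htm HTTP/1.1" 200 310',
    '10.0.5.20 - - [18/Dec/2012:10:01:00 +0800] "GET /hiwebcms/system/sysSetup/sysSetup.htm HTTP/1.1" 200 2048',
    '198.51.100.4 - - [18/Dec/2012:10:02:00 +0800] "GET /hiwebcms/system/USER/userConfig.htm HTTP/1.1" 302 0',
    '198.51.100.4 - - [18/Dec/2012:10:02:05 +0800] "GET /hiwebcms/index.htm HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for hit in flag(SAMPLE):
        print(hit)
```

A 2xx response to any of these paths from a non-admin address means the backend page was served without access control; a POST to `filesManage.htm` additionally warrants a review of the upload directory.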
