SiteServer CMS 3.5 admin back-end upload WEBSHELL vulnerability

2013-01-28T00:00:00
ID MYHACK58:62201337008
Type myhack58
Reporter Anonymous
Modified 2013-01-28T00:00:00

Description

Version number: SiteServer CMS 3.5

In the admin back end, upload a Trojan in GIF format.

Then, through the site's file management, change the file name: the image Trojan can be renamed to the format **.aspx

http://demo2.siteserver.cn/siteserver/login.aspx

Account: siteserver/siteserver1

In the admin back end, under content publishing, upload a Trojan in GIF format.

Then go through "Site Management" - "Function Management" - "Site File Management", find the uploaded GIF file, open it via "View File Attributes" and rename it to **.aspx

The WEBSHELL upload succeeds.

The web.conf file can also be renamed to web.rar and then downloaded, which reveals the database account and password.
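A defensive sketch of the two checks this flaw calls for, added here as an example and not taken from SiteServer CMS or the original report: a server-side rename guard that refuses any change of extension, and a scan of the site directory for script-named files that still begin with image magic bytes. The extension list, the function names and the sample files are assumptions made for the example.

```python
import os
import tempfile

# Assumed policy for this example: extensions IIS/ASP.NET executes or treats as config.
SCRIPT_EXTS = {".aspx", ".ashx", ".asmx", ".asp", ".asa", ".cer", ".config"}
# Leading magic bytes of image types an upload form would normally accept.
IMAGE_MAGIC = {b"GIF87a": "gif", b"GIF89a": "gif", b"\xff\xd8\xff": "jpeg",
               b"\x89PNG\r\n\x1a\n": "png"}

def ext(name):
    # Windows drops trailing dots and spaces, so "a.aspx." still resolves to a.aspx.
    return os.path.splitext(name.rstrip(". ").lower())[1]

def rename_allowed(old_name, new_name):
    """Rename guard: the extension may not change and may never be a script/config one."""
    new_ext = ext(new_name)
    return new_ext == ext(old_name) and new_ext not in SCRIPT_EXTS

def image_type(path):
    """Return the image type whose magic bytes open the file, or None."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    return next((kind for magic, kind in IMAGE_MAGIC.items() if head.startswith(magic)), None)

def find_renamed_images(root):
    """List (relative path, image type) for script-named files that begin with image magic."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            if ext(name) in SCRIPT_EXTS and image_type(path):
                hits.append((os.path.relpath(path, root), image_type(path)))
    return sorted(hits)

def demo():
    # Constructed sample tree: a normal GIF and a GIF-headed file carrying an .aspx name.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "upload"))
        for name in ("logo.gif", "banner.aspx"):
            with open(os.path.join(root, "upload", name), "wb") as fh:
                fh.write(b"GIF89a" + b"\x00" * 16)
        return find_renamed_images(root)

if __name__ == "__main__":
    print(rename_allowed("pic.gif", "pic.aspx"), demo())
```

The scan only finds files that kept their image header, so the rename guard is the actual fix and the scan is a check for files that were already renamed.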
