Sky classroom file upload vulnerability

2013-02-04T00:00:00
ID MYHACK58:62201337145
Type myhack58
Reporter Anonymous
Modified 2013-02-04T00:00:00

Description

Brief description:

The system allows the upload of dangerous file types, and it is still used by many open network course websites. As shown in the figure, log in and then open the network disk (SkyDrive). Upload a PHP file; the website does not filter PHP files.


After entering, choose to use a network disk file and select the PHP file. Switching to HTML shows the path of the PHP file on the server: http://xxx.xxx.cn/SCR2006/Course ... 31/111026085064.php. On execution, a full PHP webshell did not seem to work, so an ASP one was uploaded instead. The system's database user is sa.
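The missing control is a server-side filter on uploaded file names. The following is an added example, not code from the affected system: an allowlist check that also replaces the client's file name with a server-generated one. The allowlist contents and the function names are assumptions.

```python
import secrets

# Assumed allowlist for a course-material network disk (not from the advisory).
ALLOWED_EXTENSIONS = {".pdf", ".doc", ".docx", ".ppt", ".pptx", ".xls", ".xlsx", ".txt", ".zip"}
# Extensions a web server may hand to a script engine; rejected anywhere in the name.
SCRIPT_EXTENSIONS = {".php", ".php3", ".php5", ".phtml", ".asp", ".aspx", ".asa", ".cer", ".jsp"}


class UploadRejected(ValueError):
    """Raised when a client-supplied file name fails validation."""


def safe_storage_name(client_filename: str) -> str:
    """Validate a client-supplied file name and return a server-chosen one."""
    if "\x00" in client_filename:
        raise UploadRejected("NUL byte in file name")
    # Drop any client-supplied directory part (both separator styles).
    base = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Trailing dots and spaces are ignored on Windows, so normalise them away.
    base = base.rstrip(". ").lower()
    # Characters that some servers and file systems treat specially in names.
    if not base or any(c in base for c in ";:"):
        raise UploadRejected("illegal character in file name")
    parts = base.split(".")
    if len(parts) < 2 or not parts[0]:
        raise UploadRejected("missing extension")
    extensions = ["." + p for p in parts[1:]]
    # A script extension in any position (e.g. a double extension) is refused.
    if any(ext in SCRIPT_EXTENSIONS for ext in extensions):
        raise UploadRejected("script extension in file name")
    if extensions[-1] not in ALLOWED_EXTENSIONS:
        raise UploadRejected("extension not on allowlist")
    # Server-generated name: the client never controls the stored path.
    return secrets.token_hex(16) + extensions[-1]


def is_accepted(client_filename: str) -> bool:
    """Convenience wrapper: True if the name passes validation."""
    try:
        safe_storage_name(client_filename)
        return True
    except UploadRejected:
        return False
```

The name check is one layer only: stored files should also live outside the web root, or in a directory where the server has script execution disabled, so that a file that slips through is never executed.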
