The WSS project management system Post get shell-vulnerability warning-the black bar safety net

ID MYHACK58:62201337428
Type myhack58
Reporter 佚名
Modified 2013-02-21T00:00:00


The POST data

Vulnerability file to execute arbitrary suffix of the file to save

漏洞 文件 /chart/php-ofc-library/ofc_upload_image.php


/chart/php-ofc-library/ofc_upload_image.php?name=hfy.php hfy.php file name

Post any data

保存 位置 http://localhost/chart/tmp-upload-images/hfy.php



The latest version of wss vulnerability file, even the pay version is also available in the new store deployment of the demo~

<? php


// In the Open Flash Chart -> save_image debug mode, you

// will see the 'echo' text in a new window.



print_r( $_GET );

print_r( $_POST );

print_r( $_FILES );

print_r( $GLOBALS );



[1] [2] [3] next