Suning a backstage bypass arbitrary file upload-vulnerability warning-the black bar safety net

ID MYHACK58:62201559309
Type myhack58
Reporter 佚名
Modified 2015-02-22T00:00:00


Suning Plaza phone the client back-end management system you can register for an account

Then login

! Snip20150107_13. png

Point into the background is not entitled to limit access, but the system using rb to develop

The error information back to the display all the route

! Snip20150107_14. png

Vulnerability to prove:

Then you can look the map to find the function of a completely no access restrictions

Such as viewing all users to edit any user

! Snip20150107_15. png

! Snip20150107_16. png

Can any modify news prizes movie activities, etc., etc.

Arbitrary file upload unfortunately the script is not resolved, but the html is still possible