Destoon B2B 2014-05-21最新版csrf getshell

简要描述： 上传问题+csrf+后台任意命令执行 = csrf getshell 详细说明： 先说上传问题，自带的fck编辑器没有验证上传图片的合法性，只判断了后缀名。 可以通过上传一个.jpg后缀的swf来进行csrf 然后是后台命令执行 /member/admin/sendmail.inc.php 行151 default: ifisset$send ifisset$preview && $preview $content = stripslashes$content; if$template if$sendtype == 2 $emails = explode"\n",...

The movable section(dkcms)vulnerability-vulnerability warning-the black bar safety net

The main is almost 3 versions of main, v2. 0 v3. 1 v4. 2 Google keyword: powered by dkcms The website turned out to find the source code download, Baidu, download this 3 source code, as is the asp source code, mostly to look at the default database, what are the three default database V2. 0...

AspCms_v1. 5_2011. 0 3. 0 3 0day vulnerabilities-vulnerability warning-the black bar safety net

AspCmsv1. 52011. 0 3. 0 3 0day vulnerabilities akastN. S. T Adescription ASPCMS is composed of Wuhan on the valley network Technology Co., Ltd. based on ASP+Accesssql2000developed and fully open-source set of built Station system, mainly for enterprises to quickly build simple, efficient, easy to...

The path separator"\"with"/"in the Web of induced vulnerability-vulnerability warning-the black bar safety net

Whether is under windows the path separator""or linux"/", this is not a serious problem, but in the web of the upper surface of the opening will appear a lot of"bugs", if the web Developer did not consider this issue, then may appear very serious bug. In the VC code\ \ \is an escape character,...

BigAce 2.7.5 content management system, FCK editor upload vulnerability-vulnerability warning-the black bar safety net

BigAce 2.7.5 content management system, FCK editor upload vulnerability BIGACE is a PHP and MySQL development of Web Content Management SystemCMS. Main or FCK editor problem. Now a lot of the station, would have been quite safe, but with these so-called editor, leading to a Cup. This is a...

The establishment of the station star Sitestar v1. 3 FCK upload vulnerability-vulnerability warning-the black bar safety net

Release date: 2011-01. 1 4 Publishing author: xiaocao Affected versions: V1. 3 Official website: http://www.sitestar.cn/ Vulnerability type: file upload Vulnerability description: this vulnerability only applies to Windows IIS6, is the FCK editor is causing,as long as it is built up of the client...

The wind-Online sales system v3. 0. 0 Upload vulnerability-vulnerability warning-the black bar safety net

Author:Lan3a Program or with the FCK editor. The official website also have this problem. Use method: The first step: FooeeShop. Webedit/editor/filemanager/connectors/asp/connector. asp? Command=CreateFolder&Type=Image&CurrentFolder=%2Fshell. asp&NewFolderName=z&uuid=1 2 4 4 7 8 9 9 7 5 6 8 4 The...