FSMCMS dimensionpic.jsp 任意文件上传

No description provided by source...

FSMCMS p_replydetail. jsp MailId parameter SQL injection vulnerability

No description provided by source...

FSMCMS /cms/client/uploadpic_html. jsp arbitrary file upload

No description provided by source...

FSMCMS p_criticfrontlist. jsp TID parameter SQL injection vulnerability

No description provided by source...

FSMCMS /cms/fileupload/uploadwordpic. jsp upload vulnerability

No description provided by source...

FSMCMS jspdownload. jsp download vulnerability

No description provided by source...

FSMCMS columninfo. jsp ColumnID parameter SQL injection vulnerability

http://xxx.com/fsmcms/cms/web/columninfo.jsp?ColumnID=-5 UNION SELECT 1,2,concat0x7e7e7e,database,0x7e7e7e,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38...

FSMCMS /cms/video/selectvideo. jsp upload vulnerability

Upload vulnerability address: http://xxxx.com/cms/video/selectvideo.jsp Only on the client to verify the suffix, you can upload jspx file here to disable JavaScript to upload file getshell, after viewing the source code get the saved path...