2 matches found
Yet another arbitrary file upload vulnerability disclosed in the Yonyou ICC website customer service system
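Brief description: Yet another arbitrary file upload vulnerability in the Yonyou ICC website customer service system. I looked at the previous vulnerability, http://www.wooyun.org/bugs/wooyun-2010-06749, and found that the vendor's fix can be bypassed. Details: Multiple websites were tested and all of them are vulnerable. /home/ecccs/web/5107/upload/screenImagesSave.php See the source code yourself for the specifics; the exploit code is given directly here. The previous one was jpg.php; for this one, you only need to append a . after jpg.php and the file is still parsed after upload. http://xxx.com/xxx.php. is likewise parsed as PHP. Tested:...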
Yonyou ICC website customer service system remote code execution vulnerabilities and fixes - vulnerability warning - the black bar safety net
The program file /home/ecccs/web/5107/upload/uploadFlash.php contains a serious logic error, which results in a vulnerability! The customer service systems of multiple large websites can all be exploited through this vulnerability to gain administrative privileges! ? php / uploadFlash.php Flash file upload. /...