Two File Upload Vulnerabilities Exist in Website Builder Star Backend

Ltd., is a cloud computing-based Internet application service provider. There are file upload vulnerabilities in the background of sitestar 1 banner scroll bar edit-select single image upload and 2 product management in the background-edit more image upload. Allow attackers to upload webshell and...

建站之星后台任意文件读取

简要描述： 下载官方最新安装包，并去官方论坛打上了所有补丁。 详细说明： 访问：http:/target/sitestar/admin/index.php?m=../../robots.txt%00&a=adminadd robots.txt是系统自带，虽然是后台文件，但是其实无需管理员权限即可访问 如图： win下:http://target/sitestar/admin/index.php?m=../../../../../../../../../../windows/win.ini%00.jpg&a=adminadd...