3 matches found
YxShop easy to shopping Mall fckeditor upload vulnerability-vulnerability warning-the black bar safety net
YxShop 是 国内 首家 ASP.NET 免费 开源 商城 购物 系统 是 易 想 团队 自主 研发 的 基于 Asp.Net+C+SQL B2C online store system, with open source, high-speed, stability, security and other characteristics, can be free to add channels, as long as understood website General knowledge of webmasters can easily use the easy to Mall...
YxShop易想购物商城4.7.1版本任意文件上传漏洞
简要描述: 这个号称中国首家ASP.NET免费开源商城购物系统。最新版本是4.7,竟然采用2.4版本以下的fckeditor编辑器。所以可以直接上传任意文件。 详细说明: 其他版本我没测试,估计也是一样的问题 http://127.0.0.1/controls/fckeditor/editor/filemanager/browser/default/browser.html?Type=../&Connector=connectors/aspx/connector.aspx 跳转到网站根目录上传任意文件。 漏洞证明:...
YxShop easy to Shopping Mall 4. 7. 1 version arbitrary file upload vulnerability-vulnerability warning-the black bar safety net
Author: Konstantin Tonight happened to come across this app, went to search a bit and found that with people quite a lot. Also no search to the hackers published the program of the vulnerability, so the lower the source code, find the fckeditor folder, look at its directory structure is there wit...