大汉网络又来几处命令执行漏洞

2013-09-23T00:00:00
ID SSV:93887
Type seebug
Reporter Root
Modified 2013-09-23T00:00:00

Description

简要描述:

RT

详细说明:

存在漏洞的地址: http://demo.hanweb.com/jact/front/front_reg.action http://demo.hanweb.com/jact/front/front_mailstat.action http://demo.hanweb.com/jact/front/front_mailwrite.action 直接谷歌:site:hanweb.com filetype:action 一堆是...

<img src="https://images.seebug.org/upload/201309/20154655a8324b9e3561459d7b8f6b14703b4b5a.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201309/20154740d6920b21bec1481051f561ba6c05cf80.jpg" alt="4.jpg" width="600" onerror="javascript:errimg(this);">

证明: http://demo.hanweb.com/jact/1.txt

漏洞证明:

<img src="https://images.seebug.org/upload/201309/201547445fd1f70f06b79964e0ad0a6826cf85ce.jpg" alt="4.jpg" width="600" onerror="javascript:errimg(this);">

<img src="https://images.seebug.org/upload/201309/2015480627101d32bd60c8c397d5636f2b18fe60.jpg" alt="3.jpg" width="600" onerror="javascript:errimg(this);">