Script Home » Script offensive » Division) KESION CMS the latest version of any file upload WEBSHELL loopholes

Division) KESION CMS the latest version of any file upload WEBSHELL loopholes

Author:zyq Release:2014-6-15 Onlookers:0 views time+ Comments Off

Users can upload files loophole, upload any suffix

user/swfupload. Loopholes in the asp file

code is as follows:

If UpFileObj. The Form (" NoReName ")="1" Then "not more the name
Dim PhysicalPath, FsoObj: Set FsoObj=KS. InitialObject (KS) Setting (99))
PhysicalPath=Server MapPath (replace (TempFileStr," | ", ""))
TempFileStr=mid (TempFileStr, 1, InStrRev (TempFileStr,"/")) & FileTitles.
If FsoObj FileExists (PhysicalPath)=true Then
FsoObj. The MoveFile PhysicalPath, server MapPath (TempFileStr)
End If
End If

Member login, manually constructed a NoReName parameters can upload a custom file name

bypass dangerous code can use <! - #include file=" " - >Type to contain images can, can use the remote to download or modify/user/User_Blog. Asp? Action=BlogEdit LOGO files to upload code file in danger (do not check code oh)