科讯KESION CMS最新版任意文件上传WEBSHELL漏洞
会员上传文件漏洞,可以上传任意后缀<p>user/swfupload.asp文件漏洞<br /><br /><br><div class="msgheader"><div class="right"><span style="CURSOR: pointer" class="copybut"><u>复制代码</u></span></div>代码如下:</div><div class="msgborder" id="phpcode1"><br />If UpFileObj.Form("NoReName")="1" Then '不更名 <br />Dim PhysicalPath,FsoObj:Set FsoObj = KS.InitialObject(KS.Setting(99)) <br />PhysicalPath = Server.MapPath(replace(TempFileStr,"|","")) <br />TempFileStr= mid(TempFileStr,1, InStrRev(TempFileStr, "/")) & FileTitles <br />If FsoObj.FileExists(PhysicalPath)=true Then <br />FsoObj.MoveFile PhysicalPath,server.MapPath(TempFileStr) <br />End If <br />End If<br /></div></p>
会员注册登录后,手工构造一NoReName参数即可上传自定义文件名 <br /><br />绕过危险代码可以用<!--#include file=""-->类型来包含图片即可,可以用远程下载或者修改/user/User_Blog.asp?action=BlogEdit里的LOGO文件来上传代码文件(不检查危险代码的哦)
<p> <img alt="" src="https://img.jbzj.com/file_images/article/201405/201405071149344.jpg" /><br /><img alt="" src="https://img.jbzj.com/file_images/article/201405/201405071149345.jpg" /></p>
<img alt="" src="https://img.jbzj.com/file_images/article/201405/201405071149346.jpg" /><br /><img alt="" src="https://img.jbzj.com/file_images/article/201405/201405071149347.jpg" /><br /><img alt="" src="https://img.jbzj.com/file_images/article/201405/201405071149348.jpg" /><br /><img alt="" src="https://img.jbzj.com/file_images/article/201405/201405071149349.jpg" /><br /><img alt="" src="https://img.jbzj.com/file_images/article/201405/2014050711493410.jpg" /><br /><img alt="" src="https://img.jbzj.com/file_images/article/201405/2014050711493411.jpg" /><br /><img alt="" src="https://img.jbzj.com/file_images/article/201405/2014050711493412.jpg" /><br />
<p><strong>修复方案:</strong></p>
<p>过滤。。</p>
頁:
[1]