A Zoomla system vulnerability leads to server control
A Zoomla system vulnerability makes the server controllable (already logged in to Zoomla's company email and to the administrator account of the old official forum).
A series of problems caused by an upload vulnerability. The vulnerability itself has already been described on WooYun.
Through http://www.njzxw.cn/Plugins/swfFileUpload/UploadHandler.ashx one can construct an upload form and submit an aspx webshell to the server. For the principle, refer to: WooYun: Lang cms 2.4 arbitrary file upload at a certain location (no login required).
On checking, the application runs with high privileges, so dozens of websites hosted on the server can be controlled. Among them is the official forum bbs.zoomla.cn, which also sits on this server, and its configuration contains the company email account and password:
With it one can log in to the official account "web" on mail.hx008.com and mail.zoomla.cn, which are the official mailboxes of chinamanet and chinamanet respectively:
On checking, the bbs.zoomla.cn forum has been moved to http://club.zoomla.cn/, but have the account passwords been changed? Looking at several bbs accounts:
Using the account and password from the bbs system, one can successfully log in to an administrator account on the club:
The website runs the Zoomla CMS system, and the server should also belong to the company's subsidiary, Chinese Internet.
Solution:
Every website should be updated to the latest version of the CMS system.
The server should isolate permissions per website: the account a website runs under should only be able to access that website's own files.
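To make the upload principle and the CMS-side fix concrete, here is an added example that is not Zoomla's code and not taken from the WooYun reference: a minimal ASP.NET .ashx handler written in the vulnerable shape the report describes (it trusts the client-supplied file name and saves it under the web root), beside a hardened version. The form field name "Filedata", the "~/Uploads/" folder, the image-only whitelist and the size limit are assumptions for illustration.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Web;

// Added example, not Zoomla's code. Field name "Filedata" and folder
// "~/Uploads/" are assumptions.

// VULNERABLE: trusts the client-supplied name and extension and writes into a
// script-enabled folder under the web root. A multipart POST carrying
// shell.aspx becomes http://host/Uploads/shell.aspx, i.e. a webshell.
public class VulnerableUploadHandler : IHttpHandler
{
    public void ProcessRequest(HttpContext context)
    {
        HttpPostedFile file = context.Request.Files["Filedata"];
        if (file == null) { context.Response.StatusCode = 400; return; }
        string name = Path.GetFileName(file.FileName);   // no extension check at all
        file.SaveAs(context.Server.MapPath("~/Uploads/" + name));
        context.Response.Write("/Uploads/" + name);
    }
    public bool IsReusable { get { return true; } }
}

// HARDENED: whitelist the extension, never reuse the client name, check that
// the content matches what the extension claims, and store under a name the
// client cannot influence. Script execution must additionally be disabled on
// the upload folder (see the note after the block).
public class HardenedUploadHandler : IHttpHandler
{
    static readonly string[] AllowedExt = { ".jpg", ".jpeg", ".png", ".gif" };
    const int MaxBytes = 5 * 1024 * 1024;

    // Returns the normalised extension if the client file name is acceptable,
    // otherwise null. Rejects path separators, null bytes, IIS parsing tricks
    // such as "shell.aspx;.jpg", "shell.aspx::$DATA" and "shell.asp.", and
    // any extension outside the whitelist.
    public static string AcceptedExtension(string clientName)
    {
        if (string.IsNullOrEmpty(clientName)) return null;
        if (clientName.IndexOfAny(new[] { '\0', '/', '\\', ';', ':' }) >= 0) return null;
        if (clientName.EndsWith(".") || clientName.EndsWith(" ")) return null;
        string ext = Path.GetExtension(clientName).ToLowerInvariant();
        return AllowedExt.Contains(ext) ? ext : null;
    }

    // Cheap content check: the leading bytes must carry a known image signature,
    // so an aspx source file renamed to .jpg is refused.
    public static bool LooksLikeImage(byte[] head, string ext)
    {
        if (head == null || head.Length < 8) return false;
        switch (ext)
        {
            case ".jpg":
            case ".jpeg": return head[0] == 0xFF && head[1] == 0xD8 && head[2] == 0xFF;
            case ".png":  return head[0] == 0x89 && head[1] == 0x50 && head[2] == 0x4E && head[3] == 0x47;
            case ".gif":  return head[0] == 0x47 && head[1] == 0x49 && head[2] == 0x46 && head[3] == 0x38;
            default:      return false;
        }
    }

    // Server-chosen storage name: random, with the whitelisted extension only.
    public static string StorageName(string ext)
    {
        return Guid.NewGuid().ToString("N") + ext;
    }

    public void ProcessRequest(HttpContext context)
    {
        HttpPostedFile file = context.Request.Files["Filedata"];
        if (file == null || file.ContentLength <= 0 || file.ContentLength > MaxBytes)
        { context.Response.StatusCode = 400; return; }

        string ext = AcceptedExtension(file.FileName);
        if (ext == null) { context.Response.StatusCode = 400; return; }

        byte[] head = new byte[8];
        int read = file.InputStream.Read(head, 0, head.Length);
        file.InputStream.Position = 0;                    // rewind before SaveAs
        if (read < head.Length || !LooksLikeImage(head, ext))
        { context.Response.StatusCode = 400; return; }

        string name = StorageName(ext);
        file.SaveAs(Path.Combine(context.Server.MapPath("~/Uploads/"), name));
        context.Response.Write("/Uploads/" + name);
    }
    public bool IsReusable { get { return true; } }
}
```

The code-level checks close the hole the report describes (an arbitrary .aspx landing in a web-served folder), but they should be paired with a web.config in the upload folder that removes script permission, for example `<system.webServer><handlers accessPolicy="Read" /></system.webServer>`, so that even a file that slips through is served as static content rather than executed. Combined with the per-site permission isolation in the solution above, a compromised upload endpoint on one site then no longer gives an attacker the other sites' configuration files or credentials.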