The Arbitrary File Upload Vulnerability in ruankosoft can cause the shell to be uploaded, and the security configuration of the server in the service area is also very difficult. The root permission only controls the upload type through js during the upload, the server does not control or judge the file extension $ (document ). ready (function () {document. getElementById ("logo "). focus (); $ ("# uploadify "). uploadify ({'uploader ':' http://coolteam.ruanko.com:80/resources/uploadify.swf ', 'Script ':' http://coolteam.ruanko.com:80//doUpLoadToTemp.jsp ', 'Method': 'get', 'cancelim ':' http://coolteam.ruanko.com:80/resources/images/cancel.png ', 'Folder': 'uploads', 'buttonimg ':' http://coolteam.ruanko.com:80/resources/images/liulan.png ', 'Width': 63, 'height': 18, 'queueid': 'filequeue', 'auto': true, www.2cto.com 'multi': false, 'sizelimmit ': 409600, 'text ':'*. jpg ;*. jpeg ;*. gif ;*. bmp ;*. png ', 'filedesc': 'select A jpg jpeg gif bmp png file', 'scriptdata': {'uploadpath': 'uploadtemp', 'upperfilename ':''}, onComplete: function (event, queueID, fileObj, response, data) {var value = response; $ ("# logo "). val (value); document. getElementById ("logo "). focus (); $ ("# uploadify "). uploadifySettings ('scriptdata', {'uploadpath': 'uploadtemp ', 'upperfilename': value }); // $ ("# uploadLogoInfo" pai.html (" "); [here, we can deduce the shell address after upload]}, onError: function (event, queueID, fileObj, errorObj) {if (errorObj.info = 409600) {$ ('# uploadify' + queueID ). append ('file cannot exceed 400k ');}}});
Solution:
The File Upload Vulnerability renames a file on the server action side and controls the File Upload type, removing debugging information on the page. For server security configuration, set tomcat startup permission not to root. The administrator who starts Tomcat to join the www group, so that after Tomcat is started, logs can be written to the logs directory, and the cache is generated in the works directory. All WebApp directory settings cannot be written. For some directories that need to upload images, open the write operation and disable the operation.