Brief description: attackers can upload arbitrary WEB backdoors to perform penetration tests on the Intranet. Obtain all the company's user information and any internal network database.
Description: You can upload a PHP backdoor.
Http://210.xx.244.xx: 88/infoxxx/upload/2011.php
Proof of vulnerability: Alerter
Apache2.2 _ newzxpt
COM + Event System
Computer Browser
DefWatch
Distributed File System
Distributed Link Tracking Client
Distributed Transaction Coordinator
Event Log
IPSEC Policy Agent
License Logging Service
Logical Disk Manager
Messenger
MySQL
NetTime
Network Connections
Norton AntiVirus Client
PcAnywhere Host Service
Plug and Play
Protected Storage
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Registry Service
Removable Storage
RunAs Service
Security Accounts Manager
Server
SSC Monitor
System Event Notification
Task Scheduler
TCP/IP NetBIOS Helper Service
Telephony
Telnet
VNC Server
Windows Management Instrumentation
Windows Management Instrumentation Driver Extensions
Workstation
IPCONFIG/ALL
Connection-specific DNS Suffix .:
Description ......: 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)
Physical Address ......: 00-E0-81-29-08-48
Solution: Perform code auditing. The wap publishing platform has multiple security vulnerabilities.