Arbitrary code execution due to the Arbitrary File Upload Vulnerability in huashun (including the repair solution)

Source: Internet
Author: User

Brief description: attackers can upload arbitrary WEB backdoors to perform penetration tests on the Intranet. Obtain all the company's user information and any internal network database.
Description: You can upload a PHP backdoor.
Http://210.xx.244.xx: 88/infoxxx/upload/2011.php
Proof of vulnerability: Alerter
Apache2.2 _ newzxpt
COM + Event System
Computer Browser
DefWatch
Distributed File System
Distributed Link Tracking Client
Distributed Transaction Coordinator
Event Log
IPSEC Policy Agent
License Logging Service
Logical Disk Manager
Messenger
MySQL
NetTime
Network Connections
Norton AntiVirus Client
PcAnywhere Host Service
Plug and Play
Protected Storage
Remote Access Connection Manager
Remote Procedure Call (RPC)
Remote Registry Service
Removable Storage
RunAs Service
Security Accounts Manager
Server
SSC Monitor
System Event Notification
Task Scheduler
TCP/IP NetBIOS Helper Service
Telephony
Telnet
VNC Server
Windows Management Instrumentation
Windows Management Instrumentation Driver Extensions
Workstation

IPCONFIG/ALL
Connection-specific DNS Suffix .:
Description ......: 3Com 3C920 Integrated Fast Ethernet Controller (3C905C-TX Compatible)
Physical Address ......: 00-E0-81-29-08-48


Solution: Perform code auditing. The wap publishing platform has multiple security vulnerabilities.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.