Attack and prevention of "vulnerabilities in the modern teaching management system of colleges and universities"

Source: Internet
Author: User

Some time ago, I saw a buddy in the group share a "University's Modern Teaching Management System Vulnerability". The method is very simple, and a webshell can be obtained quickly.

Like the fck (FCKeditor) issues, it abuses the upload function.

ftb.imagegallery.aspx is a page with an upload function, and it can be opened by appending it to the website's domain name. Upload an ASP Trojan that the server will still parse (you need to change the suffix; for security reasons this is not made public here), then access it directly. As follows:

Step 1: Search.

Step 2: Find the domain names of websites that allow the upload. Upload successful.

Step 3: Access the directory of the web Trojan.

Proof:

(I was too lazy to redact the pictures above. Looking at the images, they are all Trojans. Hackers, slow down. Don't turn the server into a horse farm!)

 

Solution: (if you don't like it, don't flame)

1. Replace the management system (the most decisive and the best solution).

2. If the website administrator is too reluctant to replace it, change the path of "ftb.imagegallery.aspx". (In fact, this is not recommended. After all, if someone really wants to scan the directories, the new path will be found!)

3. Set access permissions on the page, or have it return an error page.

4. Stop the server from parsing Trojans with changed suffixes.
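A log check to go with items 3 and 4, as an added example that is not part of the original post: it flags clients that POST to ftb.imagegallery.aspx and any request for a file in the upload directory whose name is not a plain image name, using an allowlist so that a changed suffix is caught without listing suffixes. The log field order, the `/images/` upload directory and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumptions (not from the original post): W3C-style IIS log lines with the
# fields below, and uploads landing under /images/ (hypothetical path).
FIELDS = "date time c-ip cs-method cs-uri-stem sc-status".split()
UPLOAD_PAGE = "ftb.imagegallery.aspx"
UPLOAD_DIR = "/images/"
# Allowlist: one base name, one dot, one image extension. Anything else is flagged.
PLAIN_IMAGE = re.compile(r"^[A-Za-z0-9_-]+\.(jpg|jpeg|png|gif|bmp)$", re.I)

def parse(line):
    """Return a dict for a data line, or None for comments and malformed lines."""
    if line.startswith("#"):
        return None
    parts = line.split()
    return dict(zip(FIELDS, parts)) if len(parts) == len(FIELDS) else None

def hunt(lines):
    """Return (uploader IPs, [(ip, path, status, ip_posted_to_upload_page), ...])."""
    uploaders, findings = set(), []
    for rec in filter(None, map(parse, lines)):
        stem = rec["cs-uri-stem"].lower()
        if rec["cs-method"] == "POST" and stem.endswith("/" + UPLOAD_PAGE):
            uploaders.add(rec["c-ip"])
        elif stem.startswith(UPLOAD_DIR):
            name = stem.rsplit("/", 1)[-1]
            if name and not PLAIN_IMAGE.match(name):
                findings.append((rec["c-ip"], rec["cs-uri-stem"],
                                 int(rec["sc-status"]), rec["c-ip"] in uploaders))
    return uploaders, findings

# Constructed sample log (documentation-range IPs, made-up file names).
SAMPLE = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2024-01-10 09:00:01 198.51.100.7 GET /ftb.imagegallery.aspx 200
2024-01-10 09:00:09 198.51.100.7 POST /ftb.imagegallery.aspx 200
2024-01-10 09:00:15 198.51.100.7 GET /images/logo.gif 200
2024-01-10 09:00:21 198.51.100.7 GET /images/photo.asp 200
2024-01-10 09:05:00 203.0.113.20 GET /images/banner.png 200
2024-01-10 09:06:00 203.0.113.20 GET /images/report.pdf 404
""".splitlines()

if __name__ == "__main__":
    ups, hits = hunt(SAMPLE)
    print("uploaders:", sorted(ups))
    for ip, path, status, by_uploader in hits:
        print(ip, path, status, "UPLOADER" if by_uploader else "")
```

A finding with status 200 from an IP that also posted to the upload page is the one to triage first; the same allowlist belongs in the upload handler itself.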

 

My personal summary should also be available online. If anything is wrong, please correct it.

 

By: blackeagle www.blackeagle.name/
