Something I saw in the A5 school class website system recommendations. If you are bored, download it.
The vulnerability exists in the FileUpload.asp file under the fileload directory, which is used to build and upload without fear.
-----------------------
var fu = new FileUpload("uploadForm", "idFile", {
    Limit: 3,
    ExtIn: ["rar", "doc", "xls"],   // extension allow-list, checked only in the browser
    RanName: true,                  // rename the uploaded file
    onIniFile: function (file) { file.value ? file.style.display = "none" : this.folder.removeChild(file); },
    onEmpty: function () { alert("select a file"); },
    onLimite: function () { alert("upload limit exceeded"); },
    onSame: function () { alert("the same file already exists"); },
    onNotExtIn: function () { alert("only upload allowed" + this.extIn.join(",") + "file"); },
    onFail: function (file) { this.folder.removeChild(file); },
    onIni: function () {
        // the snippet is cut off at this point on the source page
    }
});
---------------------
The upload renames the file and verifies it only with local (client-side) JS. This can be combined with the IIS 6.0 parsing vulnerability; for IIS 7.0, you can use Firefox.
Vulnerability exploitation method:
Access http://www.bkjia.com/fileload/FileUpload.asp, then rename the ASP trojan to 1.asp).rar or asp;.xsl. After the upload, the file is located under /fileload/file/.
Website System: http://down.admin5.com/asp/60831.html
Fix: targeted modification.
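
The flaw described above is that the extension allow-list (ExtIn) is enforced only by JavaScript in the browser. As an added example (not code from the A5 system or from this page), the same allow-list enforced on the server is sketched below in Node.js JavaScript; the function name checkUpload, its reason strings and the file-signature table are assumptions made for illustration, and the logic would have to be ported to the site's own ASP upload handler.

```javascript
const crypto = require("crypto");

// Allow-list taken from the page's ExtIn option. Each extension is paired with
// the file signature expected at offset 0: the RAR marker, and the OLE2
// compound-file header used by legacy .doc/.xls files.
const OLE2 = Buffer.from("d0cf11e0a1b11ae1", "hex");
const ALLOWED = {
  rar: Buffer.from("526172211a07", "hex"),
  doc: OLE2,
  xls: OLE2,
};

// Characters with no place in an upload name; ";" and path separators are
// what server-side name-parsing quirks depend on.
const FORBIDDEN = /[;:\/\\<>"|?*%\x00-\x1f]/;

// clientName: file name sent by the browser (untrusted).
// content:    Buffer holding the uploaded bytes.
function checkUpload(clientName, content) {
  if (typeof clientName !== "string" || clientName.length === 0 || clientName.length > 255) {
    return { ok: false, reason: "bad-name-length" };
  }
  if (FORBIDDEN.test(clientName)) {
    return { ok: false, reason: "forbidden-char" };
  }
  // Assumed policy: exactly one dot, so the name has a single extension.
  const parts = clientName.split(".");
  if (parts.length !== 2 || parts[0] === "") {
    return { ok: false, reason: "not-single-extension" };
  }
  const ext = parts[1].toLowerCase();
  if (!Object.prototype.hasOwnProperty.call(ALLOWED, ext)) {
    return { ok: false, reason: "extension-not-allowed" };
  }
  // The bytes must match the type the extension claims.
  const magic = ALLOWED[ext];
  if (!Buffer.isBuffer(content) || content.length < magic.length ||
      !content.subarray(0, magic.length).equals(magic)) {
    return { ok: false, reason: "content-mismatch" };
  }
  // The stored name contains no client-supplied text, only the vetted extension.
  const storedName = crypto.randomBytes(16).toString("hex") + "." + ext;
  return { ok: true, storedName };
}
```

Because the stored name is generated on the server, nothing the client typed ends up in the path that IIS later parses. Disabling script execution on the upload directory is the complementary control.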