Kingsoft enterprise terminal protection optimization system (getshell)
Directly use shell .. Clean Intranet
Console\tools\manage\upload.php
<?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.
$uploaddir = '..//..//UploadDir//';
if (file_exists('../../../server.conf') != false) {
    $settings = parse_ini_file('../../../server.conf', true);
    $uploaddirex = $settings['uploadset']['cltuploadurl'];
    if ($uploaddirex) {
        $uploaddir = $uploaddirex;
    }
} else {
    // write configuration file
}
mkdir($uploaddir, 0777, true);
$uploadfile = $uploaddir . basename($_FILES['file']['name']);
echo '<pre>';
if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
} else {
    echo "Possible file upload attack!\n";
}
echo 'Here is some more debugging info:';
print_r($_FILES);
print "</pre>";
?>
Let's see here...
mkdir($uploaddir, 0777, true);
$uploadfile = $uploaddir . basename($_FILES['file']['name']);
echo '<pre>';
if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile)) {
    echo "File is valid, and was successfully uploaded.\n";
The file is written directly, under the name the client supplies, with no check on its type or extension.
You can upload an HTML page. Where does it end up?
As defined above, it will be uploaded to UploadDir in the root directory.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
Shell is here http://www.xxx.com/
Proof of vulnerability:
Solution: Enhanced filtering
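What "enhanced filtering" could look like for the upload.php handler shown above, as an added example that is not Kingsoft's code or patch. The allow-list, size limit, storage path and function name are assumptions, and the content check relies on PHP's fileinfo extension.

```php
<?php
declare(strict_types=1);

// Assumed allow-list: extension => MIME type the content must actually have.
const ALLOWED_TYPES = [
    'txt' => 'text/plain',
    'log' => 'text/plain',
    'zip' => 'application/zip',
];
const MAX_BYTES = 5 * 1024 * 1024;          // assumed size limit
const STORE_DIR = '/var/lib/upload-store';  // assumed path outside the web root

// Hypothetical helper: validates one $_FILES entry and returns the stored name.
function store_upload(array $file, string $storeDir = STORE_DIR): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload error');
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        throw new RuntimeException('size not allowed');
    }
    // Allow-list on the extension instead of trusting the client-supplied name.
    $ext = strtolower(pathinfo((string) $file['name'], PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        throw new RuntimeException('extension not allowed');
    }
    // The sniffed content type must match what the extension claims.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($mime !== ALLOWED_TYPES[$ext]) {
        throw new RuntimeException('content does not match extension');
    }
    // 0750 instead of 0777, and a directory the web server never serves or executes.
    if (!is_dir($storeDir) && !mkdir($storeDir, 0750, true)) {
        throw new RuntimeException('storage unavailable');
    }
    // Server-generated name: the client controls neither path nor file name.
    $name = bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $storeDir . '/' . $name)) {
        throw new RuntimeException('not a valid uploaded file');
    }
    chmod($storeDir . '/' . $name, 0640);
    return $name;
}

if (PHP_SAPI !== 'cli' && isset($_FILES['file'])) {
    try {
        echo store_upload($_FILES['file']);
    } catch (RuntimeException $e) {
        http_response_code(400);  // no print_r($_FILES) debugging output
        echo 'Upload rejected';
    }
}
```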