Recommendation: Second discovery of Taoyuan network hard disk vulnerabilities

Source: Internet
Author: User

I published the Taoyuan network hard disk vulnerabilities in issue 10 of anti-DDoS pro. The official website of Taoyuan was immediately notified so that it could fix them. Recently, when I got bored after work, I downloaded the latest version, 2.5, of the Taoyuan network hard disk for a comprehensive test. I found that the vulnerabilities that used "." to save files and to download the website's configuration files and database have been fixed. However, after testing with other methods I found, embarrassingly, that related vulnerabilities remain. You can still construct a request to view the source code of every file on the network hard disk, as well as its configuration files and database. Okay, let's move on to the subject.

To show the real effect, I intended to test in detail against the official website. The first issue is the upload vulnerability. The official website has already been changed to the latest version, V2.5. The "." vulnerability has been around for a long time, so I used another method. The first step is to rename the ASP file to be uploaded: add an "ASP. ASP" extension to it.

Okay, then upload the file.

Previously we used a punctuation mark to get past the upload check. Now we add an ASP extension to the suffix instead. Next, rename the uploaded file and change it back to ASP.

Next, edit and save the file, just as with the vulnerability described in issue 10.

Okay. Here, modifying the suffix is what gets past the upload restriction. That covers the upload vulnerability. Next is how to directly access the source code of any file in the directory of the Taoyuan network hard disk.

First, recall that in issue 10 the configuration files and database could be downloaded directly by submitting their paths. In the new version this is basically fixed: if you submit the complete path, the system reports that the file does not exist. However, although direct download no longer works in the new version, you can use "../../" to jump to the website directory and edit any file in it. How? The submitted request is as follows: editfile.aspx?File=../web.config&path=/

See? The configuration file can now be edited by jumping directories. Now that you know the database name, put the database name in the request.

See? The network hard disk's database can be viewed directly. I don't need to describe the subsequent operations. If you want to modify the home page of the other party's network hard disk, submit the file "index.aspx" and save the modification.

The technique submitted above is not new, but the Taoyuan official website was notified in May. The website later announced that the upload vulnerability and the "storm library" (database exposure) vulnerability had been fixed. Whether the fix was complete, you can now see for yourself: another method can still break through. This weakness also exists in some other upload systems, so pay attention to it in future testing.
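The two server-side checks whose absence the article demonstrates, as an added example that is not taken from the Taoyuan code base: every user-supplied path is canonicalised against the storage root, and the extension policy is applied on rename and edit as well as on upload. It generalises the "../" case to encoded and backslash forms; the storage root, the extension sets and all function names are assumptions.

```python
import posixpath
from urllib.parse import unquote

STORAGE_ROOT = "/site/userfiles"   # assumed layout: user storage below the web root
ALLOWED_EXTS = {"txt", "jpg", "png", "pdf", "zip"}                    # assumed allow list
SERVER_HANDLED = {"asp", "aspx", "asa", "cer", "ashx", "config", "mdb"}  # assumed


def resolve_inside_root(user_path, root=STORAGE_ROOT):
    """Return the canonical path for a raw user-supplied value, or None if it
    does not resolve to something strictly below root."""
    # Decode once and normalise separators so "..\\" and "%2e%2e/" behave like "../".
    cleaned = unquote(user_path).replace("\\", "/")
    candidate = posixpath.normpath(posixpath.join(root, cleaned.lstrip("/")))
    return candidate if candidate.startswith(root + "/") else None


def name_allowed(filename):
    """The last extension must be allow-listed and no segment may be one the
    web server executes or protects (catches 'x.asp.txt' and 'x.asp.')."""
    base = posixpath.basename(filename.replace("\\", "/")).strip(" .").lower()
    exts = base.split(".")[1:]
    if not exts or exts[-1] not in ALLOWED_EXTS:
        return False
    return not any(ext in SERVER_HANDLED for ext in exts)


def authorize(operation, target, new_name=None):
    """Apply one policy to 'upload', 'edit' and 'rename' requests."""
    path = resolve_inside_root(target)
    if path is None:
        return False            # traversal out of the storage root
    if operation == "rename":
        # The name the file ends up with is what matters, not the name it arrived with.
        return (new_name is not None
                and resolve_inside_root(new_name) is not None
                and name_allowed(new_name))
    return name_allowed(path)
```

Checking only at upload time is what makes the rename step in the article work, so the policy has to run on the final name of every write operation.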
