Recommended: two times found in Taoyuan Network hard disk Vulnerability research

I in the 10th issue of the Black defense in the Taoyuan network of hard disk-related vulnerabilities. Immediately informed the Taoyuan authorities to fix the relevant loopholes. Recently, after work boring, on the download of the Taoyuan network hard disk of the latest version 2.5 for comprehensive testing. found that although the use of ".", save, download the Web site configuration files and databases and other vulnerabilities. But in other ways, after a test, I found that sweat. There are still related vulnerabilities, there is the code can be constructed, arbitrary view of the network hard disk all the files of the source code and configuration files and databases. OK, let's get to the point.
In order to give you a real visual effect, deliberately in the official detailed test. The first is to upload the loophole, where the official has been replaced with the latest version of V2.5. where you use "." The loophole that has come to break out is long gone. So I used other methods. First, the first step is to rename the ASP file that will be uploaded. The method is to add a asp.asp to the suffix name.
OK, then upload it.
In the upload, the previous is a punctuation can be used to break through the upload, and now add a suffix of an ASP on the line. Then the file just uploaded to rename, the file changed back to the ASP.
Next, just like the vulnerability described in phase Tenth, save the file for editing.
OK, here is the use of the modification suffix name repeat can break the upload limit. This is still a bug in the upload. In the following is a direct access to the Taoyuan network hard disk directory arbitrary file source code it.
First of all, I said in the 10 issue can be directly submitted to download their network configuration files and databases. But in the new version of the basically patched up, now play the full path will prompt the file does not exist. However, in the new version, although not directly downloaded, but you can use the ". /.. /"This to the site directory to jump on the network can be online to the directory of any file to edit Oh." What's the matter, I don't believe it? Please see, the submission code is as follows: Editfile.aspx?file=. /.. /web.config&path=/.
Do you see it? Now you can use the jump to edit the configuration file. Now that the database name is known, write the database name in code.
What's the matter, is it possible to directly view the network disk database it. What to do in the back do not need me to say it. If you want to the other side of the network hard disk to modify the first page, then submit the file "Index.aspx" Oh. It's OK to save after the modification.
The above submitted technology is not new, but since September informed the Taoyuan authorities, and later on the home page to repair the upload of vulnerabilities and Bauku vulnerabilities. But is not really completely repaired to everybody also clear, change another method can break through. And this kind of method exists in the partial uploading system. Everyone will pay attention to the test in the future.