www.cnki.net: the JS verification of registered users of chinnet is lax, causing the upload of a shell.

I did not dare to forward into the intranet. If it is forwarded, the website cannot be opened... This vulnerability has been put aside for a long time, submitted to the end of the day before the mourning.

The registration page at http://my.cnki.net/elibregister/commonRegister.aspx used to limit the registration of names such as asp, .asp, or something. A friend thought of a way to bypass it, and he successfully bypassed it. Then, in the process of uploading image parsing, take a shell. Look at the figure and register, because I need to register XXX such as 1.asp, to upload a parsing shell like asp.
No. Most of them are filtered out, so I cannot register. View the source code to see a registration js, then open the js to find this paragraph, and then begin to combine it, ha:

http://my.cnki.net/CommonSubmitTarget.aspx?Username=&password=&email=

Then fill it in like this:

http://my.cnki.net/CommonSubmitTarget.aspx?Username=madman.asp&password=322131132132&email=12515151@qq.com

Username, password and email are the three required fields to find out and write. Then open this link, and the registration succeeds. Then we go to the front desk and try to log in:

?Username=madman.asp&password=121231321&email=141516156@qqqq.com

Login successful. Then we take the shell. In the home page login center I see that a forum user can upload an avatar, and I choose the avatar upload, because I already know about the IIS 6.0 parsing vulnerability.
Then, check the element to see the path and open it. Then, click the blank kitchen knife to find out if the parsing is successful. Then, if the parsing is successful, the article is skipped. The permission is very easy, and there is no pressure on the user. However, if there is a hard anti-forwarding function, you need to stop port 80 and then forward it through port 80. It feels very risky.

Solution: Oh, last day's counterattack
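A server-side fix for the weakness described above, as an added example that is not part of the original report: the name rule was enforced only in the registration page's JavaScript, so a request sent straight to the submit endpoint skipped it. The function names, the allowlist pattern and the storage layout are assumptions, as is the premise that the username ended up in the avatar path, which is why a name like 1.asp mattered on IIS 6.0.

```python
import re
import secrets
from pathlib import PurePosixPath

# Assumed policy: 3-32 letters, digits, underscore or hyphen. No dots, so a
# username can never look like "name.asp" if it is ever used in a path.
USERNAME_RE = re.compile(r"[A-Za-z0-9_-]{3,32}")

# Accepted avatar types, recognised by magic bytes; the server picks the extension.
IMAGE_MAGIC = {
    b"\xff\xd8\xff": ".jpg",
    b"\x89PNG\r\n\x1a\n": ".png",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
}

def validate_username(name):
    """Run inside the registration handler on every request, not in the browser."""
    return isinstance(name, str) and USERNAME_RE.fullmatch(name) is not None

def sniff_image_ext(data):
    """Return the server-chosen extension for known image headers, else None."""
    for magic, ext in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return ext
    return None

def avatar_storage_path(username, data, root="/avatars"):
    """Build the stored path from a random token only: no user-controlled segment."""
    if not validate_username(username):
        raise ValueError("invalid username")
    ext = sniff_image_ext(data)
    if ext is None:
        raise ValueError("not an accepted image type")
    # A header check does not prove the file is harmless; the protection here is
    # that neither the directory nor the file name comes from the client.
    return str(PurePosixPath(root) / (secrets.token_hex(16) + ext))

if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8        # constructed sample upload
    for candidate in ("madman", "madman.asp", "1.asp"):  # constructed sample names
        print(candidate, validate_username(candidate))
    print(avatar_storage_path("madman", png))
```

The upload directory should also be configured so the web server never executes scripts from it.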