The learning platform is a set of network learning platforms for language disciplines born from the subject of foreign language education reform in colleges and universities. It adopts the B/S architecture based on campus network, it features "Advanced Technology", "rich content", and "novel functions. Language learning is a very good auxiliary tool. Most of the systems run in windows + tomcat environments. jsp is generally permitted with the system permission, so once getshell is used, the server will fall.
The problem lies in uploading. After a common user logs on to the system, the user can upload images in his/her personal information. However, there are no restrictions on uploading. As long as the user can register the images, the user can use the shell.
You can directly upload the jsp Trojan to getshell, but there is a small problem and it cannot be registered. I have read it carefully. Most websites just delete the Registration button, and did not delete the registration of direct access to access can be done, the official website also has this vulnerability, http://gd.englishvod.net/jasinda/iswin.txt
The server is also involved,
Solution:
Do not spray
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
