Elcom CMS 7.4.10 Community Manager Insecure File Upload

Source: 自学PHP网    Date: 2015-04-17 11:59

Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008
 
Affected product:      Elcom CMS - Community Manager
Development language:  ASP.NET
Affected versions:     Elcom Community Manager version 7.4.10 and
Discovered by:         Remote with authentication
Fix status:            Resolved in 7.5 and later versions (not verified by SOS)
Technical analysis.
The UploadStyleSheet.aspx script does not validate, on the server side, the
file type passed in the parameter "myfile0", which allows ASPX files to be
uploaded and executed. An attacker can upload an ASPX web shell and execute
commands with web server user privileges.
 
Proof of concept (port scanning).
A shell uploaded using the vulnerable (/UploadStyleSheet.aspx) script can be
accessed at the following location: https://[server]/UserUploadedStyles/shell.aspx
 
Solution
Upgrade.
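
The following log check is an added example, not part of the original advisory or of Elcom's code. It scans IIS W3C logs for requests under the UserUploadedStyles directory that are not plain .css files and notes whether the same client previously POSTed to UploadStyleSheet.aspx. The log layout, the sample lines, and the assumption that legitimate uploads are flat .css files at the site root are constructed for illustration.

```python
import re

UPLOAD_SCRIPT = "/uploadstylesheet.aspx"   # upload endpoint named in the advisory
UPLOAD_DIR = "/useruploadedstyles/"        # directory named in the advisory
# Assumption: legitimate uploads are flat files such as "theme-1.css".
ALLOWED = re.compile(r"^/useruploadedstyles/[\w.-]+\.css$")

# Constructed sample in IIS W3C extended format; not from a real server.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2012-03-01 10:00:01 203.0.113.5 GET /UserUploadedStyles/site.css 200
2012-03-01 10:02:11 198.51.100.7 POST /UploadStyleSheet.aspx 200
2012-03-01 10:02:40 198.51.100.7 GET /UserUploadedStyles/Shell.ASPX 200
2012-03-01 10:03:05 192.0.2.44 GET /UserUploadedStyles/backup.zip 404
"""


def parse_w3c(text):
    """Yield one dict per request, taking column names from the #Fields line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line.strip() and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))


def suspicious_requests(text):
    """Return requests under the upload directory that are not plain .css files."""
    uploaders, findings = set(), []
    for req in parse_w3c(text):
        stem = req.get("cs-uri-stem", "").lower()   # IIS paths are case-insensitive
        ip = req.get("c-ip", "-")
        if req.get("cs-method") == "POST" and stem.endswith(UPLOAD_SCRIPT):
            uploaders.add(ip)
        elif stem.startswith(UPLOAD_DIR) and not ALLOWED.match(stem):
            findings.append({
                "ip": ip,
                "path": req["cs-uri-stem"],
                "status": req.get("sc-status"),
                # True when this client used the upload script earlier in the log
                "uploaded_first": ip in uploaders,
            })
    return findings


if __name__ == "__main__":
    for finding in suspicious_requests(SAMPLE_LOG):
        print(finding)
```

A 200 response on a flagged path, particularly with uploaded_first set, means the server served or executed non-stylesheet content from the upload directory and the host should be examined.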
 
