### Brief description:
On the 8th of this month I already posted the same upload vulnerability:
http://www.wooyun.org/bugs/wooyun-2010-048293
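It still has not been confirmed. Fine, then this is the only way I have to push things along...
Tips: if it is not confirmed promptly, I will publish sequel number two...
### Details:
#1 Vulnerability discovery
The vulnerability is in
/script/multiupload/uploadify.php, line 51: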
```
None
```
Visit Upload.htm and intercept the request with Burpsuite.

[![2.jpg](https://images.seebug.org/upload/201401/1315194103ef74319b0ad3eafaf64c1baf46f0bd.jpg)](https://images.seebug.org/upload/201401/1315194103ef74319b0ad3eafaf64c1baf46f0bd.jpg)

Click Forward, and shell.php is generated in the root directory.

[![0.jpg](https://images.seebug.org/upload/201401/131522178e671f4550a2258245967414efebbd79.jpg)](https://images.seebug.org/upload/201401/131522178e671f4550a2258245967414efebbd79.jpg)