### 简要描述:
--求个邀请码
### 详细说明:
#1.看看前人提交的漏洞:http://**.**.**.**/bugs/wooyun-2014-070117 ,测试拿下shell之后偶然发现另外一个上传点,同样没做任何过滤,可直接穿asp后门
谷歌:inurl:/custom/GroupNewsList.aspx
[<img src="https://images.seebug.org/upload/201511/072205550496ce8f5d0fdf429fead51bcac59a82.png" alt="QQ截图20151107220252.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/072205550496ce8f5d0fdf429fead51bcac59a82.png)
#2:上传点 http://xxx/library/editornew/Editor/temp.asp
### 漏洞证明:
随便点开一个网站进去
[<img src="https://images.seebug.org/upload/201511/07221026cd109361191640e7657c9b343c04c374.png" alt="QQ截图20151107220822.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/07221026cd109361191640e7657c9b343c04c374.png)
[<img src="https://images.seebug.org/upload/201511/072211109a71c79924ba133be3fca7a95b9f58d4.png" alt="QQ截图20151107220904.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/072211109a71c79924ba133be3fca7a95b9f58d4.png)
成功上传
http://**.**.**.**:90/library/editornew/Editor/NewImage/201511722102813827.asp
[<img src="https://images.seebug.org/upload/201511/07221209dccd009942854d7522bf7068be132b5a.png" alt="QQ截图20151107220958.png" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201511/07221209dccd009942854d7522bf7068be132b5a.png)
#3:更多案例
http://**.**.**.**/library/editornew/Editor/NewImage/201511722124825384.asp
http://**.**.**.**/library/editornew/Editor/NewImage/20151172217791728.asp
还有许多就不一个一个测试了,
京公网安备 11010502034610号
暂无评论