Oblog 4.5-4.6 access&mssql getshell 0day 

©

¶״̬



2012-07-06 ϵ̲ҵȴУϸڲ⹫
2012-07-06 Ѿ©ϸڹ


Ҫ

ڳԳ߼жϳ¿ͨIIS©ֱWEBSHELLȨޡ

ϸ˵

Ӱ췶Χ4.5 - 4.6
 ©: IIS6.0\Ա
 ھ:henry
 
ԭ,Ӱ췶ΧȽϹ..
 
QQ..
 
©ļ
 
AjaxServer.asp (372)
log_filename = Trim(Request("filename"))//δԶļAjaxServer.asp (259)(ؼ)
If (oblog.chkdomain(log_filename) = False And log_filename <> "") and isdraft<>1 Then oblog.adderrstr ("ļƲϹ淶ֻʹСдĸԼ֣")

 
߼,ֻҪһ,.뿴:
 
206 
isdraft = Int(Request("isdraft")) //ɿ

 

isdraft=1
 ɹ
 

©֤

©ã
 
 עԱһ־
  ޸־߼ѡļдabcdefgΪһ仰ľԴ롣Ȼץ档
  ޸ıݣfilenameΪa.asp;xisdraftΪ1ύ
  صĹѡ·־־ַΪSHELLַ
 
tips: Ŀ¼, ɿfilename=../../data/a.asp;x
