Elcom CMS - Community Manager Insecure File Upload Vulnerability - Security Advisory - SOS-12-008

Affected product: Elcom CMS - Community Manager
Development language: ASP.NET
Affected versions: Elcom Community Manager version 7.4.10 and
Discovered by: Remote with authentication
Resolution status: Resolved in version 7.5 and later (not verified by SOS)

Technical analysis

The UploadStyleSheet.aspx script does not validate, on the server side, the file type passed in the parameter "myfile0", allowing ASPX files to be uploaded and executed. An attacker can upload an ASPX web shell and execute commands with web server user privileges.

Proof of concept (port scanning)

A shell uploaded using the vulnerable UploadStyleSheet.aspx script can be accessed at the following location: https://[server]/UserUploadedStyles/shell.aspx

Solution: Upgrade
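A defender-side check for the issue described above, as an added example that is not part of the original advisory: it scans IIS W3C extended logs for requests into /UserUploadedStyles/ that are not stylesheets, and records whether the same client posted to UploadStyleSheet.aspx earlier in the log. The log lines, IP addresses, field selection and the .css-only allowlist are constructed assumptions.

```python
import posixpath
from urllib.parse import unquote

UPLOAD_DIR = "/useruploadedstyles/"       # directory named in the advisory
UPLOAD_SCRIPT = "/uploadstylesheet.aspx"  # script named in the advisory
ALLOWED_EXT = {".css"}                    # assumption: only stylesheets belong here

# Constructed sample in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem c-ip sc-status
2012-01-01 10:00:01 POST /UploadStyleSheet.aspx 192.0.2.10 200
2012-01-01 10:00:05 GET /UserUploadedStyles/theme.css 192.0.2.10 200
2012-01-01 10:02:11 POST /UploadStyleSheet.aspx 198.51.100.7 200
2012-01-01 10:02:30 GET /UserUploadedStyles/shell.aspx 198.51.100.7 200
2012-01-01 10:03:00 GET /UserUploadedStyles/x.AsPx%20 203.0.113.5 404
"""

def find_suspect_requests(log_text):
    """Return one finding per request into the upload directory that is not a stylesheet."""
    fields, uploaders, findings = [], set(), []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]   # column names for the records that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        # Normalise the way Windows resolves names: decode, fold case,
        # and drop trailing dots and spaces.
        path = unquote(rec.get("cs-uri-stem", "")).lower().rstrip(". ")
        ip = rec.get("c-ip", "")
        if rec.get("cs-method") == "POST" and path.endswith(UPLOAD_SCRIPT):
            uploaders.add(ip)           # this client used the upload script
        elif path.startswith(UPLOAD_DIR):
            ext = posixpath.splitext(path)[1]
            if ext not in ALLOWED_EXT:
                findings.append({
                    "time": rec.get("date", "") + " " + rec.get("time", ""),
                    "ip": ip,
                    "path": rec.get("cs-uri-stem", ""),
                    "status": rec.get("sc-status", ""),
                    "uploaded_first": ip in uploaders,
                })
    return findings

if __name__ == "__main__":
    for finding in find_suspect_requests(SAMPLE_LOG):
        print(finding)
```

A finding with status 200 and `uploaded_first` set is the combination the advisory describes; the same extension check applied to the files on disk in the upload directory covers uploads that were never requested.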