DedeCMS V5.5 Final GetWebshell latest 0day vulnerability
  Add date: 08/27/2010   Publishing date: 08/27/2010   Hits: 578
DedeCMS is the Dream Weaver content management system, and its latest release is the official version 5.5. Regrettably, a vulnerability has surfaced in the new version, so I am writing this up to earn a little in royalties. The vulnerability lets a malicious attacker obtain a webshell on the target directly, and it affects both the GBK and UTF-8 editions; testing shows version 5.3 is not affected. (Solemn declaration: I did not discover the vulnerability and did not write the tool.) The exploitation process is very simple.

Searching in a browser for the keyword "Power by DedeCMS" finds many sites that use this program. If the bottom of a site's page shows "Powered by DedeCms V55_GBK" or "Powered by DedeCms V55_UTF8", the site may be open to this attack. Searching directly with the GBK or UTF8 keyword can also identify possible targets.

I will not go into exactly how the vulnerability arises. An expert has written an exploitation tool, in a PHP version and an exe version; for the convenience of beginners, the exe version is used here to show how the vulnerability is exploited.

Find a suitable target; the version information at the bottom of its page is shown in Figure 1.



Then place the tool dedeexp.exe in the C drive directory and open a command prompt (i.e. CMD.exe). The command format is shown in Figure 2.



That is, dedeexp.exe followed by the target domain name and the target path. A successful attack is shown in Figure 3.



The tool reports that a one-line webshell has been successfully generated on the server at /data/cache/t.php. Visiting this page returns a blank page, which indicates the file already exists. Connecting with the lanker PHP + ASP dual-use one-line webshell client succeeds, as shown in Figure 4.
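
For defenders, the trace this step leaves is a script being served out of the cache directory. The following is an added example (not from the original article or from DedeCMS) that scans access-log lines for successful requests to scripts under /data/cache/; the combined log format, the constructed sample lines, and the treatment of POST requests as likely webshell-client traffic are assumptions.

```python
import re
from collections import defaultdict

# Assumed log format: Apache/Nginx "common"/"combined" access log.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)
# A server-side script inside the cache directory (the article's case is /data/cache/t.php).
CACHE_SCRIPT_RE = re.compile(r'/data/cache/[^/]+\.(?:php\d?|phtml|asp|aspx)$', re.I)

def find_cache_script_hits(lines):
    """Return {path: [hit, ...]} for 2xx requests to scripts under /data/cache/."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if CACHE_SCRIPT_RE.search(path) and m["status"].startswith("2"):
            size = 0 if m["size"] == "-" else int(m["size"])
            hits[path].append({"ip": m["ip"], "ts": m["ts"],
                               "method": m["method"], "size": size})
    return dict(hits)

def triage(hits):
    """'high' if a path received a POST (assumed client traffic), else 'review'."""
    return {path: ("high" if any(h["method"] == "POST" for h in reqs) else "review")
            for path, reqs in hits.items()}

# Constructed sample lines (documentation IP ranges), not taken from a real server.
SAMPLE = [
    '198.51.100.7 - - [27/Aug/2010:10:01:12 +0800] "GET /index.php HTTP/1.1" 200 5120',
    '203.0.113.9 - - [27/Aug/2010:10:02:40 +0800] "GET /data/cache/t.php HTTP/1.1" 200 0',
    '203.0.113.9 - - [27/Aug/2010:10:03:05 +0800] "POST /data/cache/t.php HTTP/1.1" 200 318',
    '198.51.100.7 - - [27/Aug/2010:10:04:00 +0800] "GET /data/cache/x.php HTTP/1.1" 404 209',
    '198.51.100.8 - - [27/Aug/2010:10:05:00 +0800] "GET /data/cache/menu.inc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    found = find_cache_script_hits(SAMPLE)
    for path, level in triage(found).items():
        print(level, path, [(h["ip"], h["method"], h["size"]) for h in found[path]])
```

Run it against web server access logs that are stored off the host, since the walkthrough ends with the attacker clearing logs on the site itself.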



Using the client's file upload or file creation function, a full-featured webshell can be placed on the server, as shown in Figure 5.



Viewing the site's database connection file data/common.inc.php gives the MySQL database connection password; access to the database then gives the administrator account and password. Logging in to the back end, I found that the official patch has been downloaded, as shown in Figure 6.



After the update completed, testing found that the flaw could no longer be exploited; the bug is fixed, as shown in Figure 7.



Then clean up the logs in the back end, delete the webshell, and exit quietly.

(The tools related to this article, dedeexp.exe and ASP + PHP dual Shell.Htm, are on your CD-ROM.)
