2006-01-26 14:45:08 by: h4x0r

NetEase has an upload vulnerability

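Test address: http://post.gz.163.com/gzvote/upload.jsp
Files with any extension can be uploaded. In my testing, the file name is randomly generated after upload and I could not find the uploaded file, so the intrusion failed [sweat]. If there is an expert around, please take a look.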
[Last Modified By h4x0r, at 2006-01-26 14:47:18]
Quote 光影
[ 2006-01-27 05:50:35 ]
Just capture the packets, dummy...
Quote 只手乾坤
[ 2006-01-27 11:30:19 ]
Do I need you to remind me of something as dumb-simple as capturing packets? Who knows which of us is the dummy. Heh.
Quote 只手乾坤
[ 2006-01-27 11:38:32 ]
I uploaded *.GIF and saw in the response that the file name had already been changed to *.jpeg. Is it the same for other types too? Then ****
Quote kofj*
[ 2006-02-12 18:51:22 ]
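The file name extension gets changed to jpeg.
There is a way to find the file, but once the extension has been changed it is pointless.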
Quote badwolf
[ 2006-03-11 15:55:02 ]
<script language="JavaScript" type="text/javascript">
<!--
  var _rsCI="cn-netease";
  var _rsCG="0";
  var _rsDT=0;
  var _rsDU=0;
  var _rsDO=0;
  var _rsX6=0;
  var _rsSI=escape(window.location);
  var _rsLP=location.protocol.indexOf('https')>-1?'https:':'http:';
  var _rsRP=escape(document.referrer);
  var _rsND=_rsLP+'//secure-cn.imrworldwide.com/';

  if (parseInt(navigator.appVersion)>=4)
  {
    var _rsRD=(new Date()).getTime();
    var _rsSE=1;  
    var _rsSV="";
    var _rsSM=0.01;
    _rsCL='<scr'+'ipt language="JavaScript" type="text/javascript" src="'+_rsND+'v51.js"><\/scr'+'ipt>';
  }
  else
  {
    _rsCL='<img src="'+_rsND+'cgi-bin/m?ci='+_rsCI+'&cg='+_rsCG+'&si='+_rsSI+'&rp='+_rsRP+'">';
  }
  document.write(_rsCL);
//-->
</script>

The path is this; work it out bit by bit.
Quote freejanker
[ 2006-04-13 10:16:48 ]
I think uploading is useless anyway; NetEase's image storage directory has no permission to execute script files.
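
The server-side behaviour the commenters describe (a randomly generated stored name and an image extension chosen by the server rather than the client), sketched in Python as an added example; it is not code from the post or from NetEase's upload.jsp, and `store_upload`, `sniff_extension` and the accepted-type table are assumed names. It goes one step further than the thread by choosing the extension from the file's leading bytes; the "no script execution" property of the storage directory is web-server configuration and is only mirrored here by a non-executable file mode.

```python
import os
import secrets

# Magic-byte signatures for the image types this handler accepts (assumed set).
SIGNATURES = {
    b"\xff\xd8\xff": ".jpeg",
    b"GIF87a": ".gif",
    b"GIF89a": ".gif",
    b"\x89PNG\r\n\x1a\n": ".png",
}


def sniff_extension(data):
    """Return the extension implied by the file content, or None."""
    for magic, ext in SIGNATURES.items():
        if data.startswith(magic):
            return ext
    return None


def store_upload(client_name, data, upload_dir):
    """Store an upload under a server-chosen name; return its path or None.

    client_name is deliberately unused for naming: neither its base name
    nor its extension ever reaches the file system.
    """
    ext = sniff_extension(data)
    if ext is None:
        return None  # content is not a recognised image: reject the upload
    # 128 bits of randomness: the stored name cannot be guessed or enumerated.
    name = secrets.token_hex(16) + ext
    path = os.path.join(upload_dir, name)
    # O_EXCL refuses to overwrite an existing file; mode 0o640 has no execute bit.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o640)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path
```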
