we7cmd后台上传webshell

admin/Folder.aspx.cs中

...

 string Filter

        {

            get

            {

                string f = Request["filter"];

                if (f == null)

                {

                    f = "*";

                }

                return f;

            }

        }

…

   void LoadFiles()

        {

   

            //if (SelectType != null)

            //    dd.FolderUrl += "&noSelect=1";

            dd.FileUrl =actionLinks; 

            dd.PathName = f; ;

            dd.Filter = Filter;

            dd.AutoCreate = AutoCreate;

            dd.BasePath = Server.MapPath("/");

            dd.Process();

            FileListGridView.DataSource = dd.Items;

            FileListGridView.DataBind();

            FilterLabel.Text = Filter;

            PathLabel.Text = CurrentFolder;



            string dir = Path.Combine(dd.BasePath, dd.PathName);

            CreateHyperLink.Enabled = !IsForbid(dir) && !IsReadyonly(dir);

            UploadHyperLink.Enabled = !IsForbid(dir) && !IsReadyonly(dir);

        }

	...

　　Filter是过滤器，就是允许上传的类型，具体见http://sdk26.we7.cn/html/c68dcc7c-d336-8c03-7fd7-cdbd18f025ef.htm

很明显没有经过过滤就直接，ok，来说下利用，

进入后台，模板->编辑模板->新建模板->导入静态html,弹出一个对话框，

www.xx.com/admin/Folder.aspx?noSelect=0&folder=/_skins/r&filter=*.htm

,copy url，在窗口打开,修改www.xx.com/admin/Folder.aspx?noSelect=0&folder=/_skins/r&filter=*.aspx

直接上传webshell

posted @ 2015-10-09 11:07 小生观察室阅读(225) 评论(0) 编辑收藏举报

刷新页面返回顶部

小生观察室

公众号：小生观察室

we7cmd后台上传webshell

公告