VULHUB ™

### 简要描述： 本月8号就发了个同样的上传漏洞 http://www.wooyun.org/bugs/wooyun-2010-048293 迟迟不给确认,好吧 那我就只有用这种方式催催... Tips:如果再不及时确认,就公布续集二... ### 详细说明： #1 漏洞挖掘 漏洞出现在 /script/multiupload/uploadify.php 51行--- ``` None ``` 访问Upload.htm,采用Burpsuite抓包截断 [<img src="https://images.seebug.org/upload/201401/1315194103ef74319b0ad3eafaf64c1baf46f0bd.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/1315194103ef74319b0ad3eafaf64c1baf46f0bd.jpg) 点击Forward，就可在根目录下生成shell.php [<img src="https://images.seebug.org/upload/201401/131522178e671f4550a2258245967414efebbd79.jpg" alt="0.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/131522178e671f4550a2258245967414efebbd79.jpg)

### 简要描述： 本月8号就发了个同样的上传漏洞 http://www.wooyun.org/bugs/wooyun-2010-048293 迟迟不给确认,好吧 那我就只有用这种方式催催... Tips:如果再不及时确认,就公布续集二... ### 详细说明： #1 漏洞挖掘 漏洞出现在 /script/multiupload/uploadify.php 51行--- ``` None ``` 访问Upload.htm,采用Burpsuite抓包截断 [<img src="https://images.seebug.org/upload/201401/1315194103ef74319b0ad3eafaf64c1baf46f0bd.jpg" alt="2.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/1315194103ef74319b0ad3eafaf64c1baf46f0bd.jpg) 点击Forward，就可在根目录下生成shell.php [<img src="https://images.seebug.org/upload/201401/131522178e671f4550a2258245967414efebbd79.jpg" alt="0.jpg" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201401/131522178e671f4550a2258245967414efebbd79.jpg)