After I published a bug in Taoyuan Network Hard Drive in the 10th issue, I immediately notified Taoyuan officials so they could fix the relevant vulnerabilities. Recently, bored after work, I downloaded the latest version, Taoyuan Network Hard Drive 2.5, for a comprehensive inspection. I found that the earlier vulnerabilities, such as the "." upload trick and the saving and downloading of the site's configuration files and database, had been patched. But after testing with other methods, it turned out (sweat) that related vulnerabilities still exist, and it is also still possible to construct a request and view the source code of any file in the network hard disk, including configuration files and databases, at will. OK, let's get to the topic.
To give everyone a realistic picture, I specifically tested this against the official installation. First is the upload vulnerability. The official site has already moved to the latest version, V2.5, and the hole that used "." to get past the upload check is long gone, so I used another method. The first step is to rename the ASP file to be uploaded by adding one more suffix to its name.
OK, then upload.
Previously, a punctuation mark was used to get past the upload check. Now you just need to add an ASP to the suffix name. Then rename the newly uploaded file, changing it back to ASP.
Next, just like the vulnerability introduced in the tenth issue, edit and save the file.
OK, so the upload restriction can be bypassed by modifying the suffix name. That covers the upload vulnerability. Next, let's talk about directly accessing the source code of any file in the Taoyuan network hard disk directory.
First, a recap: in the tenth issue I described how the network disk's configuration file and database could be requested and downloaded directly. In the new version that has basically been fixed; if you type the complete path, it now reports that the file does not exist. However, although direct download no longer works in the new version, you can use "../../" to jump to the website directory and edit any file in the network disk directory online. Don't believe it? Take a look; the submitted request is as follows: ?file=../../&path=/.
See? The configuration file can now be edited by using the directory jump. Now that the database name is known, write the database name in the request.
How about that? Can you view the network disk database directly? I don't need to tell you how to proceed from here. If you want to modify the other party's network hard drive homepage, submit the file “”. Just save after modifying.
The techniques described above are not new. Taoyuan officials were notified in September and later announced on the homepage that the upload vulnerability and the database-exposure vulnerability had been patched. But whether they were really completely fixed, everyone can now see clearly: the fix can be bypassed with another method. This method also exists in some other upload systems, so everyone should pay attention to it in future testing.
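Both gaps described above come from a check that was enforced at one entry point only. As an added example (not Taoyuan's code and not part of the original article), this Python sketch applies a single extension allowlist to upload and rename targets alike, and confines the editor's file/path parameters to the user's storage root. The root path, the allowlist and the sample file names are constructed assumptions.

```python
import posixpath

# Assumed policy for this sketch: only these extensions may exist in user storage.
ALLOWED_EXT = {".txt", ".jpg", ".png", ".zip", ".pdf"}
USER_ROOT = "/netdisk/users/alice"  # hypothetical per-user storage root


def safe_name(name):
    """Validate one file name. Called for upload names AND rename targets."""
    if not name or any(c in name for c in '/\\:\x00'):
        return False
    # Windows strips trailing dots and spaces from file names, so a name
    # ending in "." or " " is stored under a different extension than checked.
    if name != name.rstrip(". "):
        return False
    # Decide on the final extension only, after the normalisation above.
    return posixpath.splitext(name)[1].lower() in ALLOWED_EXT


def resolve(root, path, file):
    """Map the editor's path/file parameters into root, or return None."""
    parts = [root, path.replace("\\", "/"), file.replace("\\", "/")]
    candidate = posixpath.normpath("/".join(parts))  # collapses "../" segments
    # Compare against root + "/" so a sibling such as ".../alice2" cannot match.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate  # a real server would also resolve links before opening


def can_rename(root, path, old, new):
    """Rename is allowed only if the NEW name passes the upload rules too."""
    return safe_name(new) and resolve(root, path, old) is not None


def can_edit(root, path, file):
    """Online edit/save: stay inside root and keep to allowed extensions."""
    target = resolve(root, path, file)
    return target is not None and safe_name(posixpath.basename(target))


if __name__ == "__main__":
    # Constructed requests mirroring the two cases in the article.
    print(safe_name("report.asp.txt"))                                  # upload
    print(can_rename(USER_ROOT, "/", "report.asp.txt", "report.asp"))   # rename back
    print(can_edit(USER_ROOT, "/", "../../settings.asp"))               # directory jump
```

The same `safe_name` and `resolve` checks belong in every handler that takes a file name or path from the request (upload, rename, edit, save, download), not only the one that was reported.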