四通政府CMS管理系统漏洞(二)
二.获取webshell
在后台有个网站基本配置栏目,有很多的站点都可以在这里写入一句话木马得到webshell。打开文件代码是这么写的:
以下是引用片段: <% zf11_description = trim(Request.form("zf11_description")) zf11_http = trim(Request.form("zf11_http")) zf11_icp = trim(Request.form("zf11_icp")) voteincdir = server.mappath("Include/setting.asp") Const ForReading =1, ForWriting = 2 set fs = CreateObject("Scripting.FileSystemObject") set ts = fs.OpenTextFile(voteincdir,ForWriting, True) ts.Write " zf11_http= "&""""&zf11_http&""""& vbCrLf ts.Write " zf11_icp= "&""""&zf11_icp&""""& vbCrLf ts.Write " zf11_line_H= "&""""&zf11_line_H&""""& vbCrLf ts.Write " zf11_Logo= "&""""&zf11_Logo&""""& vbCrLf %> 代码我截取了部分,变量基本上只是过滤空格后直接保存到 Inlcude / setting.asp文件中,我们写入一句话木马 即可。如图10
![淮南[中国新闻网]皮雕软硬包背景墙](https://pic17_2.qiyeku.com/qiyeku_pic/2017/6/28/mnkzs/news/news_pic/image/2017_08_22/20170822034224833.jpg)
