Source: myhack58
Author: Anonymous
ID: MYHACK58:62201129612
Date: Mar 02, 2011 - 12:00 a.m.

FeiXun Enterprise Website Management System v2011 universal upload vulnerability (0day) - vulnerability warning

www.myhack58.com

Affected version: v2011
Official website: http://www.webhtm.cn

Product description:
Enterprise website source code suitable for agency site building; practical to use.

Program description:

  1. Features: Simplified/Traditional Chinese switching, product display system, news publishing system, membership management system, message counter, website statistics, powerful back-office functions, etc.
  2. Pages and modules included: home page, company introduction, scrolling bulletin/notice publishing system, enterprise information system, product display system, business case showcase system, recruitment information publishing system, information resources system, online order system, online customer service system, online guestbook system, site survey and voting system, links system, member SMS and mail sending system, website data backup and recovery system, contact information, marketing network, and a simple-to-operate, powerful back-office management system.
    Front-end username: webhtm, password: 123456
    Admin login page: A_Login.asp
    Back-end username: admin, password: admin

Vulnerable file: inc/UpFile.asp (code omitted)
The inc directory and all the files in it perform no authentication check, so UpFile.asp can be accessed directly. By capturing the upload request and submitting it with NC, a webshell can be obtained.
I will not demonstrate it here. Constructed URL: http://ww.xxx.com/inc/UpFile.asp?xPageName=PicLoad&FileNames=
Submit it directly with the "bright kid" tool. Method: integrated upload -> power upload -> Upfile_SoftPic.asp; the webshell is then successfully written to the root directory of the site.
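
A detection-side view of the issue above, as an added example that is not part of the original advisory: it scans IIS W3C logs for direct POSTs to the upload handlers named here and for script files first requested afterwards by the same client. The log lines, client addresses and the file name `/x1.asp` are constructed, and the field layout assumes IIS W3C extended logging with these fields enabled.

```python
import re

# Upload handlers named in the advisory; matched case-insensitively (IIS paths are).
UPLOAD_RE = re.compile(r"^/(inc/upfile|upfile_softpic)\.asp$", re.I)
# Server-side script extensions IIS may execute; a new one after an upload is suspect.
SCRIPT_RE = re.compile(r"\.(asp|asa|cer|cdx|aspx)$", re.I)

def parse_w3c(lines):
    """Yield one dict per request from IIS W3C extended log lines."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):
                yield dict(zip(fields, parts))

def find_upload_abuse(lines):
    """Return (uploads, suspects): direct POSTs to the upload handlers, and
    first-seen script files later requested by a client that posted an upload."""
    seen_paths, uploaders = set(), set()
    uploads, suspects = [], []
    for r in parse_w3c(lines):
        path, ip = r["cs-uri-stem"], r["c-ip"]
        if r["cs-method"] == "POST" and UPLOAD_RE.match(path):
            uploads.append((r["time"], ip, path))
            uploaders.add(ip)
        elif (ip in uploaders and SCRIPT_RE.search(path)
              and path.lower() not in seen_paths and r["sc-status"] == "200"):
            suspects.append((r["time"], ip, path))
        seen_paths.add(path.lower())
    return uploads, suspects

# Constructed sample log (not from the original page); addresses are documentation ranges.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2011-03-02 10:00:01 198.51.100.7 GET /index.asp - 200
2011-03-02 10:00:05 198.51.100.7 GET /A_Login.asp - 200
2011-03-02 10:02:11 203.0.113.9 GET /inc/UpFile.asp xPageName=PicLoad&FileNames= 200
2011-03-02 10:02:30 203.0.113.9 POST /inc/UpFile.asp xPageName=PicLoad&FileNames= 200
2011-03-02 10:02:41 203.0.113.9 GET /x1.asp - 200
2011-03-02 10:03:00 203.0.113.9 GET /index.asp - 200
""".splitlines()

if __name__ == "__main__":
    print(find_upload_abuse(SAMPLE_LOG))
```

On a real site, seed `seen_paths` from a known-good file listing so that long-standing pages are not reported as first-seen.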