动易2006最新漏洞补丁（Mobility 2006 latest vulnerability patch）.docVIP

动易2006最新漏洞补丁（Mobility 2006 latest vulnerability patch） [original] mobile easy 2006 latest vulnerability patch Article title: [original] PowerEasy 2006 latest patches of light at the top of mango published: 2007-02-2121:07 [[original] PowerEasy landlord 2006 latest patches Article author: light mango Source: Evil octal information security team () Mobile official announcement Mobile easy 2006 latest vulnerability announcement (2007-2-15) Vulnerability number: PEADegree of damage: extremely serious. Hackers can obtain WebShell privileges through this vulnerability. Impact version: Yi Yi 2006 all versions (including free edition, commercial SQL version and Access version), the official version of SP1, SP2, SP3, SP4, SP5 are affected by this. Vulnerability Description: because there is a Win2003 file parsing path vulnerabilities, when the folder name is similar to the hack.asp (i.e. when the folder name looks like a ASP file name), then this folder type text files can be in IIS as the ASP program to execute. In this way, hackers can upload an extension called JPG or GIF and so on, looks like a picture file Trojan file, through access to this file can run trojan. Because Microsoft has not yet released a patch of this vulnerability, so almost all sites will exist this vulnerability. For the article on this vulnerability, we can see here: /technology/ld/200409/164629.shtml In the 2006 part of the function is easy to move because it does not take into account the attack mode design, the hacker can extend around when uploading the file name extension of the normal inspection, upload Trojan files to get WebShell permissions. Background administrators with advanced privileges can also use this vulnerability to get WebShell privileges. Solemnly declare: please dont attack others after you have understood the flaw! Otherwise, you will be punished by the law! Temporary solution: delete the Space folder (temporary) and delete the User/User_Space.asp file. Patch file: no