Recent thinking from the new writing blog, I always take someone else's stuff posted Today in the blog on yourself to write something, nothing technical content, even if a summary. Hope the newbies some help, the cattle people to the table to laugh at me, huh?
ewebeditor, believe play the Black calf and the bull were already very familiar with, and use is also quite skilled, right? In fact, this was also don't want to write, think of With he took then stops, without leaving a memorial or not,：）
First of all: to period official introduction
eWebEditorTM? Online HTML editor! eWebEditor is browser-based, WYSIWYG online HTML editor. She was able to achieve on the page many desktop editing software such as: Word the powerful visual editing capabilities. WEB developers can use her to the traditional multi line text input box<TEXTAREA>replace visual rich text input box, so end users can visualize the release of HTML format web page content. eWebEditor! Has basically become a website content management to publish an essential tool!
If interested go to the official understand the details: http://www.ewebeditor.net/
Be the first to say focus it, this editor according to the script the main points are 3 versions, ASP/ASPX/PHP/ each version can be utilized
This version actually personally feel is the greatest impact, the most used one, the early a lot of asp station with this, Of course, now is also a lot of presence.
How to use? Generally use the default background URL is the default:
And account and password also basic is the default: admin admin
For to find this path there is a simple method, that is, in his station on the news or other sections for pictures, see pictures of the URL is also can be found, do not understand their own try will know
And if the default account and password is modified, we can download his database, and then the local crack MD5.
.../db/ewebeditor. mdb or .../db/ewebeditor. asp
General download after the database is open view on it, and then the background landing, new styles and... Upload ASA horse is...
Some stations database is set read-only attribute, so that the station you are unable to add new style, so the station you can see the other database in the style of the setting, generally most of the time is to allow people to get through, and obviously the asa in there... Oh, so then you can directly construct a call to this style of connection to upload shell
Such as found in the database in a style 1 2 3 his set is that you can upload the asa while
Then you can do this call:
http://www.xxx.com/eWeb/eWebEditor.asp?id=contentCN&style=1 2 3
So that you can upload directly, then at the point“edit”you will find the shell's path.
In fact, this vulnerability is mainly the upload. asp filter is not strict result of the new version should have fixed, specific affected versions, I didn't statistics too
Also in the publication of another ewebeditor vulnerability
Vulnerability file:Admin_Private. asp Vulnerability statement:
If Session("eWebEditor_User") = "" Then Response. Redirect "admin_login. asp" Response. End End If
Only the judgment of the session, did not determine the cookies and path verification problem. Exploit: Create a new mrchen. asp reads as follows: <%Session("eWebEditor_User") = "1 1 1 1 1 1 1 1"%> Access mrchen. asp, and then access the backend of any file, for example:Admin_Default. asp
This shell method is simple, and not described in detail, and do not understand can contact me qq: 8 1 7 5 2 2 9
Affected files: eWebEditorNet/upload. aspx
Since the PHP script special nature of the default permissions, this is not advertised too much.
Of course, the simple, the default background, the default account password: admin admin can still be used
Only this one does not count the vulnerability the vulnerability can also be directly scored many server, and Oh, the many direct system privileges
shell in a direct net user xxx xxx /add are possible。。。。
Well now 2 a.m. and a half, but also sleepy, think of these just write it, after having wanted to write in the Supplement, also hope to see the Friends, the cattle people a lot of pointing, a lot of supplements, Oh, it's nothing technical content of it!
Note:after reading this article friends don't find me to ask me how to find these vulnerabilities in the Server, this I will not answer you, if it is a technical problem, I will put my know tell you otherwise herein, nothing technical content, if I have to reprint the words of hope leave a copyright, Thank you.