How to search editor vulnerability?
site:editor inurl:asp? id inurl:ewebeditornet
Such as the common editor of the vulnerability are:
ewebeditor ewebeditornet fckeditor editor southidceditor SouthidcEditor bigcneditor
A:ewebeditor is an example
1:default download down the back:
Background if can enter:
You can click on the style of management:
standard copy(directly modified modified not)
In the copy of a copy of Riga into the picture type( asa aaspsp ) and then point to preview
The editor in point of design, and then directly upload asa Malaysia.
After uploading the code, you can see the horse's position!
(Principle:because in iis in the site attribute in the application configuration an asa extension or with asp. dll to parse,asp is also there are cer cdx )
In cer, cdx, asa is deleted then the horse will not find the map but to.
Can copy after the style of the picture type Riga into the aaspsp and then in the upload directly, you can upload the asp file
2:Download the default database
Then the analysis of the database
webeditor_system(1) You can see the user name and password if the crack is not out
In webeditor_style(1 of 4 styles table
Mainly to see the allowed Upload file extension(s-fileext s_ingeext)
See a small hack ever to engage in too much asa aaspsp
You can use him to use! (The background can't find the case you can also use this method)
You can construct the statement:
Such as ID=4 6 s-name =standard1
Configuration code: ewebeditor. asp? id=content&style=standard
ID and and the style name changed after
ewebeditor. asp? id=4 6&style=standard1
Then it's into the editor to upload asa or asp to get webshell
The default upload address:
You can directly Upload a cer Trojan
Unable to upload the case
Then view the source code:
Find uploadsave find the address
The default passed to uploadfile to this folder.
(Bug fixes: can the iss in directly to the upload folder execute permissions, select None. )
http://www.test.com/fckeditor/editor/filemanager/browser/default/connectors/asp/connector.asp?Command=FileUpload&Type=Image&CurrentFolder=/ Put the file name of the segment changed NEWfile to choose File name can be defined Upload later in/userfiles/image/find file
This page not much to say
Prevention method is very simple it does not speak,
FCKeditor upload vulnerability,
Open this address you can upload any type of file, the horse is uploaded to the location is: http://www.xxx.com/UserFiles/all/1.asa "Type=all" this variable is defined,here to create all this directories,and new directories not Upload File format restrictions.
For example, enter: http://www.xxx.com/admin/FCKeditor/editor/filemanager/browser/default/browser.html?Type=monyer&Connector=connectors/asp/connector. asp
The transmission of the file to http://www.xxx.com/UserFiles/monyer/ a
And if this is the input:http://www. xxx. com/admin/FCKeditor/editor/filemanager/browser /default/browser. html? Type=../&Connector=connectors/asp/connector. asp It can be transmitted to a website under the root directory,the site support what the script. what the script of the horse.
The transmission of the file to the web root directory.
http://www.b-horse.cn/newEbiz1/EbizPortalFG/portal/html/BBSThreadMessageMaint.html?forumID=46&threadID=4 5 7&messageID=5 3 2&ListType=FromForum&FromCurrentPage=1&time=1 2 1 9 2 8 2 2 3 2 7 8 1