Source: Tosec Security Team's Blog
I recently read some material about the eWebEditor editor, which has quite a lot of known vulnerabilities. Most people doing security testing lean toward injection, but it is sometimes worth paying attention to the editor as well. It comes mainly in asp, aspx, php and other versions.
First, the asp version. For example, www.xxx.com/admin/ewebeditor/admin_login.asp is the editor's admin backend. The username is of course the default; if it is not, you can try downloading the editor's database, and you might be able to crack the MD5 successfully.
It mainly depends on how the editor is defined. The backend's default database is .../db/ewebeditor.mdb or .../db/ewebeditor.asp. If the MD5 cannot be cracked, you can also check whether a style was left in place by an earlier intrusion; if so, calling that style the same way allows uploading directly.
For the aspx version I saw the following vulnerability:
Affected files: eWebEditorNet/upload.aspx
In fact, what I value more is its path, eWebEditorNet, which differs slightly from the other versions. This version still needs further digging for new bugs, so I will not go into much detail here.
Moving on to the php version: since php scripts have much higher permissions than asp, the harm is particularly large. Of course, the backend and password are the defaults, no different from asp, and there is also a style-call upload vulnerability, which requires certain prerequisites. That roughly covers some of eWebEditor's problems; all of them have already been found, and this is just a simple summary. Because of space limitations, I have not cited more information about these vulnerabilities. I hope this is of some use to you.
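An added example, not from the original post: a defender-side audit that walks a local web root and reports the eWebEditor files this post names (the admin login page, the default database under db/, and the eWebEditorNet upload handler). The function names, the reason strings and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Path suffixes named in the post, compared case-insensitively with '/' separators.
INDICATORS = {
    "ewebeditor/admin_login.asp": "editor admin backend deployed; confirm default credentials were changed",
    "db/ewebeditor.mdb": "default editor database under the web root; must not be downloadable",
    "db/ewebeditor.asp": "default editor database (renamed to .asp) under the web root",
    "ewebeditornet/upload.aspx": "aspx upload handler listed as an affected file",
}

def audit_webroot(root):
    """Return sorted (relative_path, reason) pairs for eWebEditor artifacts under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), root).replace(os.sep, "/")
            low = rel.lower()
            for suffix, reason in INDICATORS.items():
                # Match the suffix on a directory boundary so "xdb/..." does not hit.
                if low == suffix or low.endswith("/" + suffix):
                    findings.append((rel, reason))
    return sorted(findings)

# Constructed sample layout (not taken from any real site).
SAMPLE_FILES = (
    "admin/ewebeditor/admin_login.asp",
    "admin/ewebeditor/db/ewebeditor.mdb",
    "Editor/eWebEditorNet/Upload.aspx",
    "index.asp",
    "news/db/other.mdb",
)

def build_sample_tree(root):
    """Create empty files for SAMPLE_FILES under root."""
    for rel in SAMPLE_FILES:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for rel, reason in audit_webroot(tmp):
            print(f"{rel}: {reason}")
```

Run it against a copy or mount of the site's document root; any hit on the database paths means the file sits where the web server can serve it.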