Talk about Ewebeditor editor of each version of the problem-the vulnerability warning-the black bar safety net
2009-11-15T00:00:00
ID MYHACK58:62200925289 Type myhack58 Reporter 佚名 Modified 2009-11-15T00:00:00
Description
Source: Tosec Security Team 'Blog
Recently read something about ewebeditor for this editor, with regard to this vulnerability or a lot, in fact a lot of people doingsecurity testingwhen most of the bias in the injection context, sometimes attention under editor aspect is good, there are mainly asp, aspx, php, etc. version
First of all we have to say under the asp version 如 :www.xxx.com/admin/ewebeditor/admin_login.asp this is a story about this in the editor backend, the username of course is also the default, if not you can download it in the database to give it a try, might be able to successfully decrypt the MD5, something like:
Mainly looking away. how to define this editor, the background of the default data is:.../db/ewebeditor. mdb or .../db/ewebeditor. asp, if crack not md5, you can also see where the style file is before being invaded, and so the former way to call the style can be uploaded directly.
On the aspx of the version I saw such a vulnerability, as follows:
ASPX version:
Affected files: eWebEditorNet/upload. aspx
Use method: add a good local cer Shell file. In the browser LAN Controller input javascript:lbtnUpload. click();you can get the shell
In fact, I more valued of is its path, ewebeditornet, with the other version of the small difference, for this version of the also need to continue to dig a new bug, which does not do too much introduction.
Continue to look at the php version, since the php script permissions than the asp is high too much, harm is particularly large, of course, the background and the password is the default, with asp is no different, there is also a style called upload vulnerability, requires certain prerequisites, probably will say about ewebeditor some of the problems, of course, are already found, just a simple summary, because of space limitations, more information about this vulnerability is also not the meaning cited, in the hope that you have more or less usefulness.
{"id": "MYHACK58:62200925289", "hash": "afacf41d43a50a70e955cab05170c6c8b725dec280510db914054abd5c9569c7", "history": [], "published": "2009-11-15T00:00:00", "hashmap": [{"hash": "caf9b6b99962bf5c2264824231d7a40c", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "70e68dde1e95e3a815b9df521b794635", "key": "description"}, {"hash": "ae11c83f6711d5882eab8c4f059ead1d", "key": "href"}, {"hash": "40ffbfb2555573f50c5e5ecf76ca4088", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "40ffbfb2555573f50c5e5ecf76ca4088", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "645396391020478112635e14b34a0f8b", "key": "reporter"}, {"hash": "319d29cad01a00f5367ef5c8b68d2386", "key": "title"}, {"hash": "0665a8b0792e65b50ab13aef58a018dc", "key": "type"}], "type": "myhack58", "objectVersion": "1.2", "references": [], "edition": 1, "enchantments": {"score": {"value": -0.5, "vector": "NONE", "modified": "2016-11-12T18:05:56"}, "dependencies": {"references": [], "modified": "2016-11-12T18:05:56"}, "vulnersScore": -0.5}, "cvelist": [], "modified": "2009-11-15T00:00:00", "title": "Talk about Ewebeditor editor of each version of the problem-the vulnerability warning-the black bar safety net", "viewCount": 1, "description": "Source: Tosec Security Team 'Blog\n\nRecently read something about ewebeditor for this editor, with regard to this vulnerability or a lot, in fact a lot of people doing[security testing](<http://www.myhack58.com/Article/html/3/Article_003_1.htm>)when most of the bias in the injection context, sometimes attention under editor aspect is good, there are mainly asp, aspx, php, etc. version\n\nFirst of all we have to say under the asp version \u5982 :www.xxx.com/admin/ewebeditor/admin_login.asp this is a story about this in the editor backend, the username of course is also the default, if not you can download it in the database to give it a try, might be able to successfully decrypt the MD5, something like:\n\n[www.xxx.com/ewebeditor/admin_login.asp](<http://www.xxx.com/ewebeditor/admin_login.asp>)\n\n[www.xxx.com/admin/eweb/admin_login.asp](<http://www.xxx.com/admin/eweb/admin_login.asp>)\n\n[www.xxx.com/admin/editor/admin_login.asp](<http://www.xxx.com/admin/editor/admin_login.asp>)\n\nMainly looking away. how to define this editor, the background of the default data is:.../db/ewebeditor. mdb or .../db/ewebeditor. asp, if crack not md5, you can also see where the style file is before being invaded, and so the former way to call the style can be uploaded directly.\n\nOn the aspx of the version I saw such a vulnerability, as follows:\n\nASPX version:\n\nAffected files: eWebEditorNet/upload. aspx\n\nUse method: add a good local cer Shell file. In the browser LAN Controller input javascript:lbtnUpload. click();you can get the shell\n\nIn fact, I more valued of is its path, ewebeditornet, with the other version of the small difference, for this version of the also need to continue to dig a new bug, which does not do too much introduction.\n\nContinue to look at the php version, since the php script permissions than the asp is high too much, harm is particularly large, of course, the background and the password is the default, with asp is no different, there is also a style called upload vulnerability, requires certain prerequisites, probably will say about ewebeditor some of the problems, of course, are already found, just a simple summary, because of space limitations, more information about this vulnerability is also not the meaning cited, in the hope that you have more or less usefulness.\n", "href": "http://www.myhack58.com/Article/html/3/62/2009/25289.htm", "bulletinFamily": "info", "reporter": "\u4f5a\u540d", "cvss": {"vector": "NONE", "score": 0.0}, "lastseen": "2016-11-12T18:05:56"}