On the problems in each version of the eWebEditor editor

2009-11-15T00:00:00
ID MYHACK58:62200925289
Type myhack58
Reporter Anonymous
Modified 2009-11-15T00:00:00

Description

Source: Tosec Security Team's Blog

I recently read some material on the eWebEditor editor, for which quite a lot of vulnerabilities are known. Many people doing security testing lean mostly toward injection, but it is sometimes worth paying attention to the editor as well. It comes mainly in ASP, ASPX, PHP, and other versions.

First, the ASP version. A URL such as www.xxx.com/admin/ewebeditor/admin_login.asp is the editor's backend login page. The username is, of course, also the default; if it is not, you can download the database and give it a try, and you might be able to crack the MD5 hash. Similar locations include:

www.xxx.com/ewebeditor/admin_login.asp

www.xxx.com/admin/eweb/admin_login.asp

www.xxx.com/admin/editor/admin_login.asp

It mainly depends on how the site has defined the editor's path. The backend's default database is .../db/ewebeditor.mdb or .../db/ewebeditor.asp. If the MD5 hash cannot be cracked, you can also check whether the style settings show that the site was invaded before, in which case the style left by the earlier intruder can be called to upload directly.

For the ASPX version, I have seen the following vulnerability:

ASPX version:

Affected file: eWebEditorNet/upload.aspx

Method of use: select a local .cer shell file, then enter javascript:lbtnUpload.click(); in the browser address bar to get the shell.

What I actually value more is its path, eWebEditorNet, which differs slightly from the other versions. New bugs in this version still need to be dug out, so I will not say much more about it here.

Next, the PHP version. Because PHP scripts run with much higher permissions than ASP, the harm is particularly great. The backend and the password are, of course, the defaults, no different from ASP, and there is also a style-based upload vulnerability, which requires certain preconditions.

That roughly covers some of eWebEditor's problems. All of them have already been found; this is just a simple summary. Because of space limitations, I will not cite more material on these vulnerabilities. I hope it is of some use to you.
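A detection sketch for the paths discussed above, added here as an example and not part of the original post: it scans IIS W3C access-log lines for requests to the editor's admin login page, its default database file, and the ASPX upload endpoint. The rule names, the sample log, and its addresses are constructed for illustration.

```python
import re

# Paths named in the article; the directory prefix varies per site, so match on the tail.
RULES = [
    ("editor-admin-login", re.compile(r"/(ewebeditor|eweb|editor)/admin_login\.asp$", re.I)),
    ("editor-db-download", re.compile(r"/db/ewebeditor\.(mdb|asp)$", re.I)),
    ("aspx-upload-endpoint", re.compile(r"/ewebeditornet/upload\.aspx$", re.I)),
]

def parse_w3c(lines):
    """Yield one dict per request, using the #Fields header to name the columns."""
    fields = []
    for line in lines:
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):
                yield dict(zip(fields, values))

def find_hits(lines):
    """Return (rule, client_ip, uri, status) for requests touching the editor's sensitive paths."""
    hits = []
    for req in parse_w3c(lines):
        uri = req.get("cs-uri-stem", "")
        for name, pattern in RULES:
            if pattern.search(uri):
                status = req.get("sc-status", "")
                # A 200 on the database file means it was actually served to the client.
                if name == "editor-db-download" and status == "200":
                    name = "editor-db-download-served"
                hits.append((name, req.get("c-ip", ""), uri, status))
    return hits

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2009-11-15 10:00:01 192.0.2.10 GET /index.asp 200
2009-11-15 10:00:05 198.51.100.7 GET /admin/ewebeditor/admin_login.asp 200
2009-11-15 10:00:09 198.51.100.7 GET /admin/ewebeditor/db/ewebeditor.mdb 200
2009-11-15 10:00:12 198.51.100.7 GET /ewebeditor/db/ewebeditor.asp 404
2009-11-15 10:00:20 203.0.113.4 POST /eWebEditorNet/upload.aspx 200
""".splitlines()

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

A hit tagged `editor-db-download-served` is the one to act on first: the credential database left the server, so the editor's admin password should be treated as exposed and the database moved out of the web root.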