Social engineering the database + configuration upload to get a webshell - Vulnerability warning - Black Bar Safety Net (黑吧安全网)

2010-01-19T00:00:00
ID MYHACK58:62201025988
Type myhack58
Reporter Anonymous (佚名)
Modified 2010-01-19T00:00:00

Description

BY: Xiao Wu, blog: http://hi.baidu.com/q369568652

Today in the group a friend posted a site and asked everyone to help look at it, saying it was vulnerable to the universal password (the SQL-injection login bypass).

Sure enough, the universal password got me in. Once inside I saw there was no backup function, but there was an upload feature and eWebEditor.


I figured it might be a bit hard to take; he must have only posted it because he could not get it himself.

Both the upload feature and eWebEditor can be used, and either one can give you a webshell.

First I will describe the first method: getting in through eWebEditor.

To find the eWebEditor address, just view the page source and search for "edit"; that locates it.

The eWebEditor back end was the default one. I tried social-engineering the password: admin, admin888, the domain name as the password, and so on. None of them got me in. However, the database was not at the default path either; the database name had been changed. So I started guessing the database name,

for example www.baidu.com/webeditor/db/baidu.mdb

www.baidu.com/webeditor/db/baidu.asa

www.baidu.com/webeditor/db/baidu.asp

And then the miracle appeared.


I downloaded it directly with Thunder, then opened the database with Bright Boy. Send the password hash to cmd5 to decrypt it, log into the back end, change the upload settings to allow asp, and you get a shell.

Now the second method: getting a shell through the configuration upload.

Upload a picture and capture the packet; everyone knows how to do that.

Below are the address of the uploaded picture and the upload path. Look at these two screenshots and you can see the trick.

[screenshots: the uploaded picture's URL and the upload path setting]

Anyone experienced will understand at a glance: the upload directory can be configured as 15.asp, and then the Windows (IIS) parsing vulnerability, which runs every file under a directory whose name ends in .asp as script, gives you a webshell.


Then directly upload a jpg "pony" (a small shell), view the source to get its path, and you have a webshell.
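Both tricks in this post leave traces on the server's disk, so a defender can audit for them. The following Python script is an added example (not from the post or its author): it walks a web root, flags any file carrying the Access Jet header whatever its extension (the renamed webeditor/db/*.asa case), and flags directories whose names end in .asp/.asa/.cer/.cdx, which IIS 6 hands to the ASP engine along with everything beneath them. The sample tree it builds is constructed, and the IIS 6 directory-name behaviour is an assumption to adjust for your server.

```python
import os
import tempfile
from pathlib import Path

# Directory-name suffixes that IIS 6 treats as script for every file beneath
# them (the "15.asp" upload-folder trick). Assumption: classic IIS 6 behaviour.
SCRIPT_DIR_EXTS = (".asp", ".asa", ".cer", ".cdx")
JET_MAGIC = b"Standard Jet DB"   # bytes 4..19 of an Access .mdb, any extension


def is_access_db(path):
    """True if the file carries the Jet header, even if renamed to .asa/.asp."""
    try:
        with open(path, "rb") as fh:
            return fh.read(19)[4:] == JET_MAGIC
    except OSError:
        return False


def audit_webroot(root):
    """Walk a web root and return sorted (kind, relative posix path) findings."""
    root = Path(root)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        here = Path(dirpath)
        rel = here.relative_to(root)
        for d in dirnames:
            if d.lower().endswith(SCRIPT_DIR_EXTS):
                findings.append(("script-named-dir", (rel / d).as_posix()))
        for f in filenames:
            frel = (rel / f).as_posix()
            if is_access_db(here / f):          # downloadable database
                findings.append(("exposed-access-db", frel))
            if here.name.lower().endswith(SCRIPT_DIR_EXTS):
                findings.append(("file-in-script-dir", frel))  # runs as ASP
    return sorted(findings)


def build_sample_root():
    """Constructed sample tree (not a real site) mirroring the post's layout."""
    root = Path(tempfile.mkdtemp())
    db = root / "webeditor" / "db"
    db.mkdir(parents=True)
    # Access database renamed to .asa, as guessed in the post
    (db / "baidu.asa").write_bytes(b"\x00\x01\x00\x00" + JET_MAGIC + b"\x00" * 100)
    (db / "notes.txt").write_text("plain text, not a database")
    (root / "upload" / "15.asp").mkdir(parents=True)
    (root / "upload" / "15.asp" / "pic.jpg").write_bytes(b"\xff\xd8\xff\xe0 fake")
    (root / "upload" / "2010").mkdir()
    (root / "upload" / "2010" / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0 ok")
    return root


if __name__ == "__main__":
    for kind, path in audit_webroot(build_sample_root()):
        print(f"{kind:20s} {path}")
```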


This article has no technical content; experts, please don't laugh.