ewebeditor for php&asp version of the backend skips the authentication vulnerability-vulnerability warning-the black bar safety net

ID MYHACK58:62201026108
Type myhack58
Reporter 佚名
Modified 2010-01-30T00:00:00


Affected versions:php v3. 8,asp v2. 8

eWebEditor is a WYSIWYG online editor. As the name suggests, is on the network using the WYSIWYG edit mode for editing illustrated articles, news, discussions stickers, circulars, notes and other word processing applications.

../ewebeditor/admin/config. php file User authentication methods there are serious security vulnerabilities, you can directly skip the authentication access to administrator privileges.

Test method:

First of course you want to find the login background,默认 是 ../eWebEditor/admin/login.php,into the background after casually enter a user and password,of course, will prompt an error. This time you empty the browser's url,and then enter javascript:alert(document. cookie="adminuser="+escape("admin")); javascript:alert(document. cookie="adminpass="+escape("admin")); javascript:alert(document. cookie="admindj="+escape("1")); After three carriage returns,empty the browser's url,we have noticed,this time input the url you want to note,we this secondary input files are in normal cases proven to be able to browse the files such as../ewebeditor/admin /default.php Haha,go up,use and asp as,new styles to modify the upload,ok