eWebEditor . Net versions vulnerability-vulnerability warning-the black bar safety net

2010-05-01T00:00:00
ID MYHACK58:62201026815
Type myhack58
Reporter 佚名
Modified 2010-05-01T00:00:00

Description

Release date: 2010-04-23 Affected versions: ASPX version Vulnerability description: eWebEditorNet is mainly a upload. aspx file there upload vulnerability.

Principle:

Code <form id="post" encType="server"> "uploadfile" style="file" size="uploadfile" runat= "lbtnUpload" runat= "JavaScript"> Just a simple ID verification As long as the configured javascript:lbtnUpload. click();meet the conditions Reached to upload the Trojan effect After the success View Source

Code a "lbtnUpload" "javascript:__doPostBack('lbtnUpload',")"</a>the script 'javascript'</a> Trojan specific address for the /eWebEditorNet/UploadFile/2 0 0 8 0 1 1 4 1 0 4 4 4 1 2 1 9 8. cer This will easily take down a website.