freetextbox editor 0day and fix-vulnerability warning-the black bar safety net

2011-03-21T00:00:00
ID MYHACK58:62201129811
Type myhack58
Reporter 佚名
Modified 2011-03-21T00:00:00

Description

By:kook

Vulnerability Description: The All version didn't do login authentication can directly access to the upload Trojan FTBv3-3-1 can directly upload any file format Freetextbox 1.6.3 and other versions can be uploaded in the format 1. asp;. jpg file upload after the Trojan address as the http://site address/images/1. asp;. jpg Vulnerability file: ftb. imagegallery. aspx Workaround: add code to add login authentication Program code private void Page_Load(object sender, System. EventArgs e) { string isframe = "" + Request["frame"]; Freetextbox to upload pictures directly to retain the original file name, this place to do a modification, and upload the file using the time series do file name. Modify as follows: Find Program code UploadFileName = UploadFileName. Substring(UploadFileName. LastIndexOf("\\")+1);

Below it add the following code

Program code //*** UploadFileName = DateTime. Now. ToString() + UploadFileName. Remove(0, UploadFileName. LastIndexOf(".")); UploadFileName = UploadFileName. Replace(":", ""). Replace("-", ""). Replace(" ", ""); //by Yation. Team 2009/7/17 upload files with time to rename

Before someone has published over fb storm path method http*. cn/helps/ftb. imagegallery. aspx? frame=1”in the address followed by the&rif=..&cif=..in the access to the entire website directory on the presentation at hand,the following have to upload the Delete button... The amendment is as follows: Find Program code if (cif != "" && rif != "") {

The RootImagesFolder. Value = rif;replace into

Program code //***** RootImagesFolder. Value = DefaultImageFolder; Array srtArray = cif. Split('\\'); string str = srtArray. GetValue(0). ToString(); if (str != DefaultImageFolder) { cif = DefaultImageFolder; } cif = cif. Replace("..\\", ""). Replace("../",""); //Prevent leapfrog view the file by kook. - 2011.2.22