Signaling network of independently developed web site source code 0day vulnerabilities-vulnerability warning-the black bar safety net

ID MYHACK58:62201131518
Type myhack58
Reporter 佚名
Modified 2011-08-09T00:00:00


Author: script kiddies

This website source code Super cow. Anti-implantation to upload very difficult to break. Background system/login. asp is also

Into the ewebeditor is also anti-password

A lot of big cattle are very difficult to engage the under

This source code after a social worker was engaged to. Into the background found there ewebeditor

So a Write a pass to kill vulnerability

Google search inurl:product1. asp? tyc=

Editor vulnerability the default background ubbcode/admin_login. asp

Database ubbcode/db/ewebeditor. mdb

The default account password yzm 1 1 1 1 1 1

Get the webshell method

Landing back click on the“style management”-select the new style Just write these things we do on the line Style name:scriptkiddies feel free to write Path mode: select absolute path Image type: gif|jpg|jpeg|bmpasp|asa|aaspsp|cer|cdx

A picture type such as is that we want to upload ASP Trojan format

Upload path:/

Picture limit: write 1 0 0 0 free of ON not we the asp Trojan Upload content do not write

Then we can submit. You can see the style increased success! Then we press-and-return style of management find just add the style name and then press the toolbar, press the new toolbar Then press the-button to set the optional buttons to select the Insert a picture and then press on-and then save the settings

And then the web address bar directly input ubbcode/Upload. asp? action=save&type=&style=scriptkiddies

On our ASP Trojan enter you can wait until the path

You know