Wangqu (网趣) Shopping System Flagship Edition: eShop backend getwebshell - vulnerability warning - 黑吧安全网

ID MYHACK58:62201233251
Type myhack58
Reporter Anonymous
Modified 2012-03-04T00:00:00


Disclosure status:

2012-03-04: vendor actively contacted; awaiting vendor acknowledgment; details withheld from the public

2012-03-04: vendor has actively ignored the vulnerability; details disclosed to the public

Brief description:

The eWebEditor component's upload filtering is not strict, so a shell can be uploaded directly. Although the uploaded file is renamed to .jpg, the backend's Backup Database function lets you create a folder whose name ends in .asp; with the IIS parsing vulnerability, a .jpg placed under such a folder is executed as ASP, which gives a webshell.

Detailed description:

Without any authentication, upload directly through http://localhost:4497/admin/editubb/eWebEditor.asp?id=2 (the id value 2 is arbitrary; any number works).

Then enter the backend and use the backup function to place the uploaded file under a .asp-named folder.
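The chain above (lax upload filter, an attacker-chosen folder name from the backup feature, IIS 6 path parsing) is modelled in the following added example. This is not code from the advisory or from the Wangqu product: it encodes the well-known IIS 6 behaviour that a directory named *.asp (or *.asa, *.cer, *.cdx) makes every file under it run as ASP and that ';' truncates a filename when the handler is chosen, then shows the two checks a defender would add: an allow-list for backend-supplied backup names, and a scan of IIS-format log lines for requests that look like images but would execute. The log lines and paths are constructed for the example.

```python
# Added example (not from the original advisory): models the IIS 6 path-parsing
# behaviour the attack relies on and two defensive checks built on that model.
import re
from urllib.parse import urlsplit, unquote

# Extensions IIS 6 maps to asp.dll by default. A *directory* whose name ends in
# one of these causes every file beneath it to be executed as ASP.
ASP_EXTS = (".asp", ".asa", ".cer", ".cdx")


def _parts(url_path):
    """Strip the query string, percent-decode, lower-case, split on '/'."""
    path = unquote(urlsplit(url_path).path).lower()
    return [p for p in path.split("/") if p]


def iis6_parses_as_asp(url_path):
    """True if IIS 6 would hand this request path to asp.dll.

    1. any directory component ending in an ASP extension (/db/x.asp/shell.jpg)
    2. ';' truncation in the filename (/up/shell.asp;.jpg)
    A genuine .asp file of course counts as well.
    """
    parts = _parts(url_path)
    if not parts:
        return False
    *dirs, fname = parts
    if any(d.endswith(ASP_EXTS) for d in dirs):
        return True
    return fname.split(";", 1)[0].endswith(ASP_EXTS)


def suspicious_request(url_path):
    """True when the literal extension looks harmless (jpg, gif, ...) but IIS 6
    would still execute the file: exactly the webshell-via-parsing pattern."""
    parts = _parts(url_path)
    if not parts:
        return False
    fname = parts[-1]
    literal_ext = "." + fname.rsplit(".", 1)[1] if "." in fname else ""
    return iis6_parses_as_asp(url_path) and literal_ext not in ASP_EXTS


# Hardened check for a user-chosen backup folder/file name (what the backend's
# Backup Database feature is missing): no '.', ';', separators or traversal.
SAFE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")


def safe_backup_name(name):
    return SAFE_NAME.fullmatch(name) is not None


# Constructed IIS W3C-style log excerpt (hypothetical paths, not the product's).
# Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2012-03-04 10:01:12 203.0.113.5 GET /admin/editubb/eWebEditor.asp id=2 200
2012-03-04 10:01:40 203.0.113.5 POST /admin/editubb/upload.asp action=save 200
2012-03-04 10:02:03 203.0.113.5 GET /uploadfile/20120304.jpg - 200
2012-03-04 10:03:11 203.0.113.5 GET /admin/backup/x.asp/db.jpg - 200
2012-03-04 10:03:30 203.0.113.5 GET /uploadfile/shell.asp;.jpg cmd=whoami 200
2012-03-04 10:04:02 198.51.100.9 GET /images/logo.gif - 200
"""


def find_suspicious(log_text):
    """Return the cs-uri-stem of every request that would execute as ASP
    despite carrying a non-script extension."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0].startswith("#"):
            continue
        uri = fields[4]
        if suspicious_request(uri):
            hits.append(uri)
    return hits


if __name__ == "__main__":
    for uri in find_suspicious(SAMPLE_LOG):
        print("webshell-via-parsing candidate:", uri)
    print("x.asp allowed as backup name?", safe_backup_name("x.asp"))
```

Run the block as a script to see the two flagged requests. Note that `suspicious_request` deliberately does not flag `/admin/editubb/eWebEditor.asp`: a real ASP page is expected to execute, and the unauthenticated reachability of that page is a separate finding that log scanning alone cannot decide.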

Repair solutions:

Patch the IIS parsing vulnerability. Set permissions on the editor so that eWebEditor cannot be reached without authentication.