Ewebsoft online editor vulnerability Exploitation

Now, more and more online editor users are using ewebsoft,

The harm is getting bigger and bigger ~

Reprinted:

Author: badwolf

Source: Bad Wolf Safety Net

Http://www.winshell.cn/

First, we will introduce some default features of the Editor:

Log on to admin_login.asp by default.

Default database dB/ewebeditor. MDB

Default Account admin password admin or admin888

Keyword: "inurl: ewebeditor" is very important

Someone searched for "ewebeditor-ewebsoft Online Editor"

No more ~

Baidu search inurl: ewebeditor

About 44,900 off webpages

Google

About 83,000 items

Tens of thousands of websites have at least thousands of default features ~

For example, assume that one address is

Http://www.xxx.com.cn/admin/eweb... 200632016527472.doc

Then try the Default background in 1.

Http://www.xxx.com.cn/admin/ewebeditor/admin_login.asp

Try to log on with the default account and password.

After successful entry ....

Select: → style management

Then you can see

Manage style name best width best height description

Standard 550 350 office standard style, some common buttons, standard for interface width, default style preview |Code| Settings | toolbar | copy

The setting cannot be changed for those with "copy.

We are looking for the words "delete.

Edit or add a style.

Here is a demonstration of the new style.

Style name: add one

Change the Flash type to Asa.

Then submit

Then return to → style management

Add a toolbar to the style you just added, and add a flash button to the toolbar.

Then submit

Then return to → style management

Select the set style and Click Preview.

Open the upload SWF button. We have set the upload ASA file.

We changed ASP Trojan to ASA for direct upload...

Webshell is ready .....