eWebEditor is widely used as an embedded component in many web applications. Every day, a large number of enterprise websites, and even large and medium-sized websites, are compromised because of vulnerabilities in its early versions.
Recently, attackers exploited a vulnerability in the free web editor eWebEditor to break into a website; some site data was deleted and the home page was defaced. A municipal network supervision unit analyzed the traces left by the intrusion and summarized the basic situation as follows:
1. A simple way to determine whether a website uses eWebEditor: check the page source for a statement resembling "ewebeditor.asp?id=". If it is present, the site is using the web editor.
2. Security vulnerabilities in the web editor that an attacker may exploit:
(1) The administrator has not changed the editor's default database path and file name, so an attacker can download the site's database directly via the editor's default path.
(2) The administrator has not changed the editor's user logon path, so an attacker can log on to the editor's management back end directly with a username and password recovered from the downloaded database.
(3) A security vulnerability in the web editor's upload program:
See the Upload.asp file. The program contains this statement:
    sAllowExt = Replace(UCase(sAllowExt), "ASP", "")   'ASP script files can never be uploaded
However, this statement only strips "ASP" and does not filter extensions such as ASA and CER, both of which IIS also executes as ASP and which can therefore carry an ASP backdoor. An attacker can also bypass the filter by adding "aaspsp" to the list of allowed upload types: under this statement's single-pass replacement rule, the "asp" characters inside "aaspsp" are removed and what remains is exactly "asp". A similar exploitation method also works against Dynamic Network Forum 7.0 SP2.
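The following is an added example, not code from eWebEditor or from the original article. It transcribes the single-pass Replace() logic described above into Python so a defender can see why the filter is not idempotent, and places a hardened check beside it: the configured list is intersected with a fixed server-side allow-list of non-executable extensions, and the uploaded file name is validated strictly. The "|"-separated format of the allowed-extension setting, the SAFE_EXTENSIONS set and the sample file names are assumptions made for this example.

```python
import re

# Assumption for this example: the editor stores allowed upload types as a
# "|"-separated string such as "gif|jpg|png". Any administrator (including an
# attacker who reached the back end through items (1) and (2)) can edit it.

# Legacy behaviour, transcribed from the page's one-liner:
#   sAllowExt = Replace(UCase(sAllowExt), "ASP", "")
def legacy_sanitize(allow_ext: str) -> str:
    """Single-pass removal of the substring 'ASP' from the configured list."""
    return allow_ext.upper().replace("ASP", "")


def legacy_upload_allowed(allow_ext: str, filename: str) -> bool:
    """Accept the upload if its extension appears in the sanitized list.

    Weaknesses: one removal pass only ('AASPSP' -> 'ASP'), and nothing is
    done about other extensions IIS executes as ASP, such as ASA and CER.
    """
    allowed = {e for e in legacy_sanitize(allow_ext).split("|") if e}
    ext = filename.rsplit(".", 1)[-1].upper() if "." in filename else ""
    return ext in allowed


# Hardened behaviour (assumed policy, not eWebEditor's own code): the server
# decides what may ever be uploaded; the configurable list can only narrow it.
SAFE_EXTENSIONS = frozenset({"gif", "jpg", "jpeg", "png", "txt", "zip"})

# A conservative file name: one base name, one dot, one extension. This also
# rejects double extensions and names containing ';' or path characters.
_NAME_RE = re.compile(r"[A-Za-z0-9_-]+\.([A-Za-z0-9]+)")


def hardened_sanitize(allow_ext: str) -> frozenset:
    """Intersect the configured list with SAFE_EXTENSIONS; everything else is dropped."""
    wanted = {e.strip().lower() for e in allow_ext.split("|") if e.strip()}
    return frozenset(wanted & SAFE_EXTENSIONS)


def hardened_upload_allowed(allow_ext: str, filename: str) -> bool:
    """Accept only a well-formed name whose single extension is in the safe set."""
    match = _NAME_RE.fullmatch(filename)
    if match is None:
        return False
    return match.group(1).lower() in hardened_sanitize(allow_ext)


if __name__ == "__main__":
    # Constructed configuration values: one tampered to contain "aaspsp",
    # one that simply lists ASA and CER, and a normal one.
    for config in ("gif|jpg|aaspsp", "gif|jpg|asa|cer", "gif|jpg"):
        print(f"config={config!r}: legacy list -> {legacy_sanitize(config)!r}, "
              f"hardened list -> {sorted(hardened_sanitize(config))}")
        for name in ("photo.jpg", "page.asp", "page.asa", "photo.jpg.asp"):
            print(f"  {name:14} legacy={legacy_upload_allowed(config, name)!s:5} "
                  f"hardened={hardened_upload_allowed(config, name)}")
```

The hardened variant deliberately ignores the configured list except to narrow the safe set, so a tampered setting can never widen what the server accepts; the strict file-name pattern is an extra, independent layer that does not depend on the extension list at all.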
Summary
In the face of such threats, website administrators should take the following preventive measures:
1. If the website uses eWebEditor, change the editor's default database path and file suffix promptly to prevent unauthorized database downloads.
2. Change the editor's back-end logon path and its default logon username and password to prevent attackers from entering the management interface.
3. Modify the statement in Upload.asp so that it cannot be used to upload an ASP Trojan and gain web permissions.
4. Clean up the application extension mappings in the web server's IIS configuration promptly to ensure that no other file types can execute on the server.