Tosec Security Team Blog
I recently read some editor about ewebeditor, but there are still many vulnerabilities. In fact, many people tend to focus on injection when conducting security detection, sometimes it is good to pay attention to the editor. At present, there are mainly asp, aspx, php and other versions.
First, let's talk about the asp version, such as prepare:
Www.xxx.com/ewebeditor/admin_login.asp
Www.xxx.com/admin/eweb/admin_login.asp
Www.xxx.com/admin/editor/admin_login.asp
It mainly depends on how developers Define this editor. The default data in the background is :... /db/ewebeditor. mdb or... /db/ewebeditor. asp. If md5 cannot be cracked, you can also check whether the style file has been intruded before. You can directly upload the Style File by calling the style file of the predecessors.
I have seen this vulnerability on the Internet about the aspx version, as follows:
ASPX:
Affected files: eWebEditorNet/upload. aspx
Method of exploits: add the Shell file of the local cer. Input javascript: lbtnUpload. click (); in the scanner to get the shell
In fact, what I pay more attention to is its path. ewebeditornet is different from other versions. We need to continue mining new bugs for this version, so we will not introduce it too much.
Let's continue to look at the php version. Because php script permissions are much higher than asp, the harm is extremely high. Of course, the backend and password are default, which is no different from asp, the style call upload vulnerability also exists (certain prerequisites are required). Here we will talk about some issues about ewebeditor, of course, all of which have been found, but below is a simple summary, due to limited space, more information about this vulnerability cannot be listed, and we hope it will be of more or less use to you.