Aspects to pay attention to when fixing the eWebEditor vulnerabilities (summary)

Source: Internet
Author: User
Tags: server, website, servervariables

ShiDao Network
Step 1: Download the revised eWebEditor 2.8

http://ewebeditor.webasp.net/download.asp
Decompress the package into the project directory. For convenience, I renamed the folder to ewebeditor.

Step 2: Modify the ASP page that calls the editor

<***** ID="Editor" src="ewebeditor/ewebeditor.asp?id=NewsContent&style=s_newssystem" frameborder="0" scrolling="no" width="100%" height="100%"></*****>


Step 3: Modify the eWebEditor

1. Enable insertion of a pagination (page-split) character.
Open eWebEditor/db/ewebeditor.mdb =>
Open the eWebEditor_Button table =>
In the last row (row 21):
change the B_Title field value from "show or hide guidelines" to "insert system pagination";
change the B_Event field value from "showBorders()" to "insert(SplitPage)".
Open eWebEditor/Include/Editor.js and insert the following before line 777:

    case "SplitPage": // insert a page-split marker
        InsertHTML("<HR sysPageSplitFlag>");
        break;

2. Modify the save path of files uploaded through the editor.
Open the eWebEditor_Style table and find the row for your style (I used s_newssystem), then modify the value of the S_UploadDir field.
I changed it to /UpLoadFiles/
In this way, all images uploaded through the editor are stored under the UpLoadFiles folder in the site root.

Step 4: Security of the editor

1. Change the editor's default database path (db) and database name (ewebeditor.mdb) promptly, and update the connection statement in Include/Startup.asp accordingly, to prevent unauthorized downloads of the database. It is best to also rename the eWebEditor folder to something hard to guess!

2. Delete all .asp files whose names start with Admin in the directory, to prevent attackers from reaching the back-end management interface.

3. Modify the file upload path in the style so that the editor's own path is not exposed, or open the eWebEditor_Style table in the database and modify S_UploadDir. For example, "/UploadFile/" means that all files are uploaded to the UploadFile directory under the website root, so that nobody can learn the editor's address simply by looking at an image URL!

4. Modify the Upload.asp statement to prevent attackers from using the editor to upload an ASP Trojan and gain web permissions.

In Upload.asp, find the line:

    sAllowExt = Replace(UCase(sAllowExt), "ASP", "")

Replace that line with the following loop:

    ' Upper-case once so the case-sensitive InStr/Replace calls below cannot be
    ' defeated by a lower-case entry (the original line applied UCase, the loop must too).
    sAllowExt = UCase(sAllowExt)
    ' Repeat until none of the server-script extensions remains in the list: a
    ' single pass can leave a forbidden token behind when removing one occurrence
    ' joins the characters around it. "CGI" is included in the condition so the
    ' loop also runs when it is the only forbidden token present.
    Do While InStr(sAllowExt, "ASP") Or InStr(sAllowExt, "CER") Or InStr(sAllowExt, "ASA") Or InStr(sAllowExt, "CDX") Or InStr(sAllowExt, "HTR") Or InStr(sAllowExt, "CGI")
        sAllowExt = Replace(sAllowExt, "ASP", "")
        sAllowExt = Replace(sAllowExt, "CER", "")
        sAllowExt = Replace(sAllowExt, "ASA", "")
        sAllowExt = Replace(sAllowExt, "CDX", "")
        sAllowExt = Replace(sAllowExt, "HTR", "")
        sAllowExt = Replace(sAllowExt, "CGI", "")
        sAllowExt = Replace(sAllowExt, "ASPX", "")
        ' The ".JPG" variants below are kept from the original; the plain tokens
        ' above already remove them, so they are only a safety net.
        sAllowExt = Replace(sAllowExt, "ASP.JPG", "")
        sAllowExt = Replace(sAllowExt, "CER.JPG", "")
        sAllowExt = Replace(sAllowExt, "ASA.JPG", "")
        sAllowExt = Replace(sAllowExt, "CDX.JPG", "")
        sAllowExt = Replace(sAllowExt, "HTR.JPG", "")
        sAllowExt = Replace(sAllowExt, "CGI.JPG", "")
        sAllowExt = Replace(sAllowExt, "ASPX.JPG", "")
    Loop
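The following Python reference model of the Upload.asp filter is added here as an illustration; it is not part of the article or of eWebEditor. It reproduces the original one-shot Replace and the loop-based version side by side, so the difference in behaviour can be checked against constructed configuration strings, and adds the stricter check a reviewer would normally ask for: compare the uploaded file's extension against a fixed allow-list instead of rewriting the configured string. The "|"-separated list format, the FORBIDDEN tuple and SAFE_EXTS are assumptions based on the extension names the article uses.

```python
"""Reference model in Python of the Upload.asp extension filter (added example)."""
import re

# Server-side script extensions the article's loop strips from the configured list
# (assumed tuple, taken from the names in the VBScript above).
FORBIDDEN = ("ASP", "CER", "ASA", "CDX", "HTR", "CGI", "ASPX")

# Extensions a hardened upload handler accepts regardless of configuration (assumption).
SAFE_EXTS = frozenset({"GIF", "JPG", "JPEG", "PNG", "BMP"})


def single_pass_filter(allow_ext):
    """The original Upload.asp line: Replace(UCase(sAllowExt), "ASP", "")."""
    return allow_ext.upper().replace("ASP", "")


def loop_filter(allow_ext):
    """The article's Do While ... Loop: keep removing until no token is left."""
    s = allow_ext.upper()
    while any(tok in s for tok in FORBIDDEN):
        for tok in FORBIDDEN:
            s = s.replace(tok, "")
    return s


def extension_allowed(filename, allow_ext):
    """Allow-list check for one uploaded file name.

    The extension must appear both in the style's configured list and in
    SAFE_EXTS, and the name must be a single plain token with one extension.
    Rejecting instead of rewriting the configuration string is what makes this
    robust: there is nothing to strip, so nothing can survive the stripping.
    """
    if not re.fullmatch(r"[A-Za-z0-9_-]+\.[A-Za-z0-9]+", filename):
        return False
    ext = filename.rsplit(".", 1)[1].upper()
    configured = {e.strip().upper() for e in allow_ext.split("|") if e.strip()}
    return ext in configured and ext in SAFE_EXTS


if __name__ == "__main__":
    # Constructed configuration in which removing one "ASP" leaves another behind.
    tricky = "GIF|JPG|ASASPP"
    print("single pass:", single_pass_filter(tricky))   # a forbidden token survives
    print("loop       :", loop_filter(tricky))          # nothing survives
    print("photo.jpg allowed:", extension_allowed("photo.jpg", "GIF|JPG|PNG"))
    print("page.asp allowed :", extension_allowed("page.asp", "GIF|JPG|ASP"))
```

The loop is what the article recommends and it does close the gap in the one-shot Replace, but it still treats the configuration as data to be cleaned. The allow-list function shows the alternative: decide per upload from a fixed set, so a misconfigured style cannot widen what the server accepts.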

5. Clean up the application extension mappings in the IIS configuration of the web server promptly, so that no other file types can be executed on the website.

How to fix the eWebEditor vulnerabilities:

1. Add IP control to eWebEditor
<%
' Establish a database connection
Dim conn, connstr
connstr = "driver={SQL Server};server=.;uid=yst06;pwd=yst06;database=yst06"
Set conn = Server.CreateObject("ADODB.Connection")
conn.Open connstr

'***************************************************
' Function: limits a string to a given length
' Parameters: tempstr (the string), tempwid (the maximum width)
'***************************************************
Function cutstr(tempstr, tempwid)
    If Len(tempstr) > tempwid Then
        cutstr = Left(tempstr, tempwid) & "..."
    Else
        cutstr = tempstr
    End If
End Function

' Determine the visitor's IP address.
' NOTE: HTTP_X_FORWARDED_FOR is supplied by the client and can be forged; only
' rely on it when the site sits behind a proxy you control, otherwise use
' REMOTE_ADDR alone.
userip = Request.ServerVariables("HTTP_X_FORWARDED_FOR")
If userip = "" Then
    userip = Request.ServerVariables("REMOTE_ADDR")
End If
userip = CStr(userip)

' Debugging output from the original; it must stay commented out, because
' Response.End would stop the page before the IP check below ever runs.
' Response.Write userip & "<br>"
' Response.Write InStr(userip, "*") - 2
' Response.End
' ip = "210.29.168.123"
' Response.Write InStr(ip, "*")
' Response.End

' Compare the visitor against the trusted addresses (table IP, state = 1).
' A trusted entry is either a full address or a dotted prefix ending in "*",
' for example "210.29.168.*".
UserIpTrusted = False
Set rs = Server.CreateObject("ADODB.Recordset")
SQL = "select * from IP where state = 1"
rs.Open SQL, conn, 1, 1
Do While Not rs.EOF
    TrustIp = Trim(rs("IP"))
    If InStr(TrustIp, "*") = 0 Then
        ' exact match
        If TrustIp = userip Then
            UserIpTrusted = True
            Exit Do
        Else
            rs.MoveNext
        End If
    Else
        ' Wildcard match: keep the prefix up to and including the dot before "*",
        ' so that "210.29.16.*" does not also match 210.29.168.x. (The original
        ' used InStr(TrustIp, "*") - 2, which dropped that dot.)
        Position = InStr(TrustIp, "*") - 1
        If Left(TrustIp, Position) = Left(userip, Position) Then
            UserIpTrusted = True
            Exit Do
        Else
            rs.MoveNext
        End If
    End If
Loop
rs.Close
Set rs = Nothing

If UserIpTrusted = False Then
    Response.Write "<script language=""javascript"">alert('Illegal IP login, please contact the administrator!');location.href='../index.asp';</script>"
    ' Stop server-side processing here; the client-side redirect alone does not
    ' prevent the rest of the page from being served.
    Response.End
End If
%>
2. Change the eWebEditor folder name.
3. Modify the eWebEditor management back end (user name, password, and the allowed file upload types).
4. Modify the filtered file types (asp, cer, cdx, htr, stm and asa) in eWebEditor's Upload.asp.
ASP, CER, ASA, CDX, HTR and STM script files must never be allowed to be uploaded under any circumstances.

    sAllowExt = Replace(Replace(Replace(Replace(Replace(Replace(UCase(sAllowExt), "ASP", "**"), "CER", "**"), "ASA", "**"), "CDX", "**"), "HTR", "**"), "STM", "**")

(This single-pass variant is not recommended; use the loop-based filter code given above.)
5. Modify the database path of eWebEditor and change the connection statement in Include/Startup.asp.
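The IP allow-list check from item 1 above, expressed as a Python reference model; this is an added example and not part of the article or of eWebEditor. It implements the same two rule forms the VBScript reads from the IP table (a full address, or a dotted prefix ending in "*"), shows why the prefix must be cut after the dot rather than before it, and separates the decision of which address to check from the matching itself, so that X-Forwarded-For is only honoured when the request actually arrived through a proxy the site operates. The rule list, the trusted-proxy set and all addresses other than the article's 210.29.168.123 are constructed sample values.

```python
"""Reference model in Python of the eWebEditor IP allow-list check (added example)."""
import ipaddress


def ip_matches_rule(client_ip, rule):
    """Match one row of the IP table.

    A rule is either a complete address ("210.29.168.123") or a dotted prefix
    ending in "*" ("210.29.168.*"), the two forms the article's VBScript handles.
    """
    try:
        ipaddress.ip_address(client_ip)  # reject anything that is not an address
    except ValueError:
        return False
    rule = rule.strip()
    if "*" not in rule:
        return client_ip == rule
    # Compare up to and including the dot before "*".  Cutting one character
    # earlier (the VBScript's Instr(TrustIp, "*") - 2) would let "210.29.16.*"
    # also match 210.29.168.x.
    prefix = rule[: rule.index("*")]
    if not prefix.endswith("."):
        return False  # malformed rule: fail closed rather than guess
    return client_ip.startswith(prefix)


def ip_trusted(client_ip, rules):
    """True if any active rule (the rows with state = 1) matches the address."""
    return any(ip_matches_rule(client_ip, r) for r in rules)


def client_ip(remote_addr, x_forwarded_for, trusted_proxies):
    """Pick the address the allow-list should be applied to.

    X-Forwarded-For is written by whoever sends the request, so it is only
    meaningful when the TCP peer (REMOTE_ADDR) is a proxy we operate; that
    proxy appends the address it saw, which is therefore the last entry.  In
    every other case REMOTE_ADDR itself is the only value worth checking.
    """
    if x_forwarded_for and remote_addr in trusted_proxies:
        return x_forwarded_for.split(",")[-1].strip()
    return remote_addr


if __name__ == "__main__":
    # Constructed sample data: two active rules and one reverse proxy we control.
    rules = ["192.0.2.10", "210.29.168.*"]
    proxies = {"10.0.0.2"}
    direct = client_ip("210.29.168.123", "192.0.2.10", proxies)   # header ignored
    via_proxy = client_ip("10.0.0.2", "192.0.2.10, 203.0.113.9", proxies)
    print(direct, ip_trusted(direct, rules))          # 210.29.168.123 True
    print(via_proxy, ip_trusted(via_proxy, rules))    # 203.0.113.9 False
```

Note what the first sample call demonstrates: a request arriving directly with a forged X-Forwarded-For header is still judged by its real address, which is the property the article's code loses by reading HTTP_X_FORWARDED_FOR first.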
