Website bug fix ueditor Vulnerability arbitrary file Upload Vulnerability 2018. NET new

Source: Internet
Author: User
Tags website server

Ueditor recently exposed to high-risk loopholes, including the current official Ueditor 1.4.3.3 latest version, are affected by this vulnerability, Ueditor is the official Baidu technical team developed a front-end editor, you can upload pictures, write text, support custom HTML writing, Mobile and computer-side can be seamlessly docking, adaptive pages, pictures can automatically adapt to the current upload path and page scale, some video file upload, open source, efficient, stable, safe, has been well received by the Webmaster's favorite.

Baidu's Ueditor text editor, rarely exposed in recent years, there is no absolute, there will always be loopholes, the exposure of the vulnerability is. NET version, the other php,jsp,asp version is not affected by this ueditor vulnerability,. NET has arbitrary file upload, Bypassing the file format restrictions, in the acquisition of remote resources when the remote file format is not strictly filtered and judged, the attacker can upload arbitrary files including script execution files, including ASPX script Trojan, ASP script Trojan, can also exploit the Ueditor vulnerability to the server attack, The execution system name destroys the server, because the vulnerability severity is high, the victim website is more, the analysis and recurrence of this vulnerability is as follows:

We download the official Ueditor 1.4.3.3 version, select the. NET language, see the last update date is 2016-05-26, we find a server to build the ASPX environment, install iis7.5, we upload the file when the construction of a malicious HTML file, Facilitates our submission of data in the past:

Then we open the HTML to see, need a remote link to the file, here we can find a picture script Trojan, preferably a word picture pony, the pony file uploaded to our website server, the file name to Anquan.jpg? aspx, and then copy the Web site that is linked to the constructed HTML, such as:

Click Submit, upload success directly, and return to our ASPX script Trojan path address, we can use it when we open it.

Uedito Vulnerability Analysis

So how did the Uedito loophole occur? The most important is the use of IIS directory decompression function, while the decompression will go to access the controller files, including controller.aspx files, when uploaded to the site, will automatically extract and invoke some special application directory address, some directories can be remote call, we look at the following code:

So how to Uedito vulnerability to the site bug fix it?

1. The current temporary bug fix is recommended that the file upload directory settings without script execution permissions, Uploadvideo, Uploadimage, Catchimage, Uploadscrawl, UploadFile, and so on the directory are set without script permissions.

2. Before Baidu Ueditor official no patch, set the picture directory as read-only, prohibit writing.

3. Modify the source code of the program, the Crawlerhandler source file upload format of the strict filtering and judgment.

Website bug fix ueditor Vulnerability arbitrary file Upload Vulnerability 2018. NET new

Large-Scale Price Reduction
  • 59% Max. and 23% Avg.
  • Price Reduction for Core Products
  • Price Reduction in Multiple Regions
undefined. /
Connect with us on Discord
  • Secure, anonymous group chat without disturbance
  • Stay updated on campaigns, new products, and more
  • Support for all your questions
undefined. /
Free Tier
  • Start free from ECS to Big Data
  • Get Started in 3 Simple Steps
  • Try ECS t5 1C1G
undefined. /

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.