WebEditorNet 主要是一个upload.aspx文件存在上传漏洞。
<form id="post" encType="server">
"uploadfile" style="file" size="uploadfile" runat=
"lbtnUpload" runat=
"JavaScript">
只是简单的对ID进行验证,只要构造javascript:lbtnUpload.click();满足条件达到上传木马的效果。成功以后查看源代码
a "lbtnUpload" "javascript:__doPostBack('lbtnUpload','')"</>script 'javascript'</>
eWebEditorNet upload.aspx 上传漏洞
Published:2008-09-03
Vulnerable:
WebEditorNet
Discription:
<*References
坏狼安全网*>
SEBUG Solution:
暂无
// Sebug.net [ 2008-09-03 ]