today with the following eWebEditor,
GHD Benefit Styler, according to one article in the Internet changed a morsel. because of fear of black ah,
GHD Hair Straighteners, on-line means have eWebEditor vulnerabilities, so you must change to change, Papa!
Step One: Download eWebEditor2.8 revised version
Download http://ewebeditor.webasp.net/download.asp
extract project files into the directory. For ease of use I renamed the file ewebeditor
second step: to edit the pertinent cry to the editor of the ASP file
third step: Modify eWebEditor Editor
1, so that open patronize because inserting page crashes
eWebEditor / db / ewebeditor.mdb =>
open eWebEditor_Button table =>
21 in the penultimate line of
B_Title field is Editor.js
inserted before the 777 line
circumstance ; / / Insert a page break
insertHTML (break;
2, modify the redactor to save the file upload path
open eWebEditor_Style Table
ascertain the manner you use the line, I use s_newssystem field merit changes S_UploadDir
I change / UpLoadFiles /
editor so I will upload pictures and other files in the root directory of the UpLoadFiles folder.
fourth step: the safety of the editor
1, the editor ought be promptly modify the default database path (db) and the database appoint (ewebeditor.mdb), and in the Include / Startup.asp statements change the connection to prevent hackers illegally downloaded the database, Change EWebEditor folder name is not accessible surmised!
2, delete the catalogue of entire starting to Admin. asp file to discourage hacking into the backdrop treatment interface
3, modify the style sheet in the file upload path protection path is not the editor be seen instantly, or open the database table eWebEditor_Style, modify S_UploadDir content. such as UploadFile the root directory of the directory, so that some human can not directly address along looking by pictures to look the residence of the editor,
GHD Purple Gift Set!
4, modify the statement of Upload.asp to prevent hackers using Trojan horses to acquisition their WEB ASP Upload approval
in Upload.asp file inside, find the words sAllowExt = Replace (UCase (sAllowExt), , Replace (sAllowExt,
GHD Midnight Collection, )
sAllowExt = Replace (sAllowExt, Replace (sAllowExt, , > sAllowExt = Replace (sAllowExt, = Replace (sAllowExt,
5, in a timely form above the IIS web server configuration, petition enhancement charting to mobilize, to assure namely additional types of files can no be sprint above the server site
EWebEditor vulnerability Improvement:
1. In EWebEditor add IP control
tempwid then
cutstr = left (tempstr, tempwid) & userip = Request.ServerVariables (userip ,'Response.end ()
set rs = server.createobject (
do meantime not rs.eof
TrustIp = Trim (Rs (= True
exit do
else
rs.movenext
end if
else
Position = Instr (TrustIp ,) = left (userip, Position) then
UserIpTrusted = True
exit do
else
rs.movenext
end if
end if
loop
if UserIpTrusted = False then
Response.jot . asp''; Communication Type)
4. modify the file filter type EWebEditor asp,
GHD Precious Gift Set, cer, cdx, htr, stm, asa (Upload.asp)
''is not permitted below whichever circumstances upload asp, CER, ASA, CDX , HTR, stm script file
sAllowExt = Replace (Replace (Replace (Replace (Replace (Replace (UCase (sAllowExt),
GHD Red Styler, code bar)
5. adjust EWebEditor the database path, and in the Include / Startup.asp change the linkage statement.
Repair eWebEditor vulnerability apt memorandum the
Threaded Mode