: H& q: @9 Q7 k$ F( f9 f' QFCKEditor 2.6.8文件上传漏洞) Y% I2 S) m6 C I1 Z& T
4 n9 A, W K% y6 r) c" E
Exploit-db上原文如下: + H+ |3 {6 K2 ^" ^1 T4 I) t2 \' F7 T2 Y" D% K3 G
- Title: FCKEditor 2.6.8 ASP Version File Upload Protection bypass + N$ `$ _ H. e# V/ P+ _/ K- Credit goes to: Mostafa Azizi, Soroush Dalili ! c3 ]+ W; i* _4 U- Link:http://sourceforge.net/projects/fckeditor/files/FCKeditor/" V6 ?: X* ^3 }& F1 I5 u
- Description:1 S3 d9 I' U& Z: z8 n
There is no validation on the extensions when FCKEditor 2.6.8 ASP version is( A8 [4 C5 c! O; N$ E5 A% P5 V
dealing with the duplicate files. As a result, it is possible to bypass A$ r# O7 W( G; f s; u
the protection and upload a file with any extension. # B* f& t) x: H* ^3 f+ n. ^& h' }- Reference: http://soroush.secproject.com/blog/2012/11/file-in-the-hole/2 Z' _0 k) e* C" A! Z$ S2 u
- Solution: Please check the provided reference or the vendor website.6 ]8 b- s5 z6 n6 r2 ]
, K- S; u; P3 B8 a; a
- PoC:http://www.youtube.com/v/1VpxlJ5 ... ;rel=0&vq=hd720/ H l2 {* w' h7 v; }2 g/ _- t
" 2 K1 Q: R5 X3 O- l0 Z" c+ {Note: Quick patch for FCKEditor 2.6.8 File Upload Bypass:) Q* U- h5 T* L0 d$ p
0 c: k. c. Y6 f$ O; w' WIn “config.asp”, wherever you have: 4 `2 f3 o5 g; S6 {, W ConfigAllowedExtensions.Add “File”,”Extensions Here”8 }6 J) ~6 P2 W+ b
Change it to:% A O$ }- d g9 }7 y3 d. D6 }
ConfigAllowedExtensions.Add “File”,”^(Extensions Here)$”在视频(需翻墙)里,我们可以看的很清楚:/ Y, K7 |0 t5 T( f3 E9 v