/ f8 c+ z. t @2 O6 n' HFCKEditor ASP Version 2.6.8 File Upload Protection Bypass0 C& j- ~! m9 Y# B! @
o. F E9 c; a3 F. r
- Title: FCKEditor 2.6.8 ASP Version File Upload Protection bypass( {$ O# {: [8 F6 U" H- ~
- Credit goes to: Mostafa Azizi, Soroush Dalili 2 y. k$ ^3 J" `* _7 t |6 E0 M- Link:http://sourceforge.net/projects/fckeditor/files/FCKeditor/3 ?& \1 f3 D* K8 r* i
- Description:, s6 A* m6 \& L3 i
There is no validation on the extensions when FCKEditor 2.6.8 ASP version is4 P0 u+ R( D& m4 E
dealing with the duplicate files. As a result, it is possible to bypass4 |8 j4 @: K6 u7 M# L' ?9 r
the protection and upload a file with any extension.1 h- l0 p& k6 Q0 M4 g9 H
- Reference: http://soroush.secproject.com/blog/2012/11/file-in-the-hole/- A* u6 o% ]' n. e3 S J2 L
- Solution: Please check the provided reference or the vendor website.+ l: m9 b7 w. V S; a+ g+ I; S
- PoC:http://www.youtube.com/v/1VpxlJ5 ... ;rel=0&vq=hd7205 ~6 h3 H$ c) D1 o. P7 F
" # ]+ i y R/ _' k% x/ gNote: Quick patch for FCKEditor 2.6.8 File Upload Bypass:- H+ m7 d1 X" [% E9 i4 a v6 Y
In “config.asp”, wherever you have: 7 R" q* g6 \4 a b# }/ w ConfigAllowedExtensions.Add “File”,”Extensions Here”8 v8 I5 B6 p* Q3 J# f$ F9 Z
Change it to: 8 a3 `' j& C3 M ConfigAllowedExtensions.Add “File”,”^(Extensions Here)$” 1 L( J% z" x- S- |* P! o6 l; U' M# {- W$ K- S. W7 _
# \4 Z; o$ d" ^, z4 D
& @! a# J3 L, Z( z. e; _