' C/ ^( G) b% U! i3 G9 s* w$ E原帖:http://club.freebuf.com/?/question/129#reply128 P5 x" \( W4 m. f, W @! ~
7 C6 ^ U+ w& l* ~( E
FCKEditor 2.6.8文件上传漏洞# D5 {! ] E, d% U: v# U
$ n1 ^4 F4 Z0 x! o9 f) [6 f
Exploit-db上原文如下: r( \1 r4 l! |
6 D6 e9 W6 d9 R+ T# m% R8 d
- Title: FCKEditor 2.6.8 ASP Version File Upload Protection bypass0 ^$ r; U( m4 D1 v) R
- Credit goes to: Mostafa Azizi, Soroush Dalili 3 [9 i% O5 @' N; N- Link:http://sourceforge.net/projects/fckeditor/files/FCKeditor/2 ^3 _2 A+ n% F0 {9 M: M W* h
- Description:: _3 J: w( \6 u) v
There is no validation on the extensions when FCKEditor 2.6.8 ASP version is- K! H$ j! ]" L$ |" g' N
dealing with the duplicate files. As a result, it is possible to bypass* ]% h% H+ @, I7 }- H
the protection and upload a file with any extension. # ]! A7 h5 {* {: O7 W& G4 l& n$ L: O- Reference: http://soroush.secproject.com/blog/2012/11/file-in-the-hole/# ~- p! n C7 A0 U# N
- Solution: Please check the provided reference or the vendor website.0 _3 |9 c9 W3 Q. x- g
: `/ @* b! z4 ~# N; p- PoC:http://www.youtube.com/v/1VpxlJ5 ... ;rel=0&vq=hd720* }( z1 X' y# ? |! ~: X" v+ \
" " o) ~! ^, L7 \- v+ B6 o4 I+ kNote: Quick patch for FCKEditor 2.6.8 File Upload Bypass:0 t3 ^; F: i( I, L* J1 u# j5 z8 b1 R8 Q4 n
& O& a4 h' [! Q0 S3 Z! T
In “config.asp”, wherever you have: # i( P: @# ^) u! x2 n& g" o ConfigAllowedExtensions.Add “File”,”Extensions Here”; S: N/ L" ^6 ?9 x: O. Q$ ?# k
Change it to:4 A0 ]& M2 a+ E" d6 q& z
ConfigAllowedExtensions.Add “File”,”^(Extensions Here)$”在视频(需翻墙)里,我们可以看的很清楚:& v( h* Q; H7 P N8 z+ R, ]