+ P: E& u" Q8 d0 G% k- ~- Title: FCKEditor 2.6.8 ASP Version File Upload Protection bypass8 O( i+ _0 b: T, g7 ?
- Credit goes to: Mostafa Azizi, Soroush Dalili ' P& b) z4 m9 k$ o* P% G+ G0 x! g3 s- Link:http://sourceforge.net/projects/fckeditor/files/FCKeditor/6 T7 F# }7 M1 q. e: o' e& i
- Description:$ d7 l( w4 [1 S" D- }+ ^
There is no validation on the extensions when FCKEditor 2.6.8 ASP version is( A' ~, ~9 |; M
dealing with the duplicate files. As a result, it is possible to bypass" r6 M) @- p4 A. h; [
the protection and upload a file with any extension.4 Z4 f7 R# z |6 k3 H
- Reference: http://soroush.secproject.com/blog/2012/11/file-in-the-hole/ 2 E( X3 s0 K1 b# v2 p) z- {- Solution: Please check the provided reference or the vendor website.( C8 H* | K( n
5 {( }4 w! F b
- PoC:http://www.youtube.com/v/1VpxlJ5 ... ;rel=0&vq=hd7207 G- K/ K, c, [2 ^$ y5 f
". z- ^) ]" K) ? P. m; n
Note: Quick patch for FCKEditor 2.6.8 File Upload Bypass:- B# c( @& g, w
: m( N- A, v8 ~( ~! s5 u. P% P: }In “config.asp”, wherever you have: : \6 h4 z' @1 O9 ^ ConfigAllowedExtensions.Add “File”,”Extensions Here” / T K) r3 n* {Change it to: $ E2 Y$ N$ x, q ConfigAllowedExtensions.Add “File”,”^(Extensions Here)$”在视频(需翻墙)里,我们可以看的很清楚:' O$ a" J3 }% J6 g+ c3 i