Thanks to endless in the FreeBuf community "share the mission" for providing the clue that made this article possible.
Original post: http://club.freebuf.com/?/question/129#reply12
FCKEditor 2.6.8 file upload vulnerability
The original text on Exploit-DB reads as follows:
Solution: Please check the provided reference or the vendor website.
PoC: http://www.youtube.com/v/1VpxlJ5jLO8?version=3&hl=en_US&rel=0&vq=hd720
Note: Quick patch for FCKEditor 2.6.8 File Upload Bypass:
In the "config.asp", wherever you have:
    ConfigAllowedExtensions.Add "File", "Extensions Here"
Change it to:
    ConfigAllowedExtensions.Add "File", "^(Extensions Here)$"
In the video (you need to get over the wall to watch it), we can see very clearly:
Next, we performed the second upload, and the miracle happened.
For a code-level analysis, see http://lanu.sinaapp.com/ASPVBvbscript/121.html
CKFinder/FCKEditor DoS vulnerability
Compared with the upload bug above, I personally find this vulnerability more interesting.
CKFinder is a powerful and easy-to-use Ajax file manager for web browsers. Its simple interface makes it intuitive and quick to learn for all types of users, from senior professionals to Internet beginners.
The ASP version of CKFinder handles a file upload as follows:
When the uploaded file name already exists, it renames iteratively: if file(1).ext exists, it tries file(2).ext, and so on, until the name no longer collides.
Now for the interesting part: Windows prohibits "con" as a file name. On this point, I remember that a long time ago Windows also had a con file name vulnerability; anyone interested can confirm it.
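A hardened form of the rename-on-collision loop described above, as an added example written in Python rather than CKFinder's own ASP code: it rejects Windows reserved device names such as con before any file-system check and caps the number of rename attempts. The names pick_unique_name, is_reserved, the exists callback and the cap of 100 are assumptions made for illustration.

```python
import re

# Classic DOS device names. Windows has historically treated them as
# reserved with an extension as well (for example "con.txt"), in any case.
RESERVED = {"CON", "PRN", "AUX", "NUL",
            *(f"COM{i}" for i in range(1, 10)),
            *(f"LPT{i}" for i in range(1, 10))}
MAX_ATTEMPTS = 100  # assumed cap; the page does not give one


class UploadNameError(ValueError):
    pass


def is_reserved(filename):
    """Conservative check: True if the name could resolve to a device."""
    # Drop trailing dots/spaces, then compare only the part before the
    # first dot, so "con", "CON.txt" and "Con." are all rejected.
    stem = filename.rstrip(". ").split(".", 1)[0].rstrip(" ").upper()
    return stem in RESERVED


def pick_unique_name(filename, exists, max_attempts=MAX_ATTEMPTS):
    """Return a non-colliding name, or raise instead of looping forever.

    `exists` is a callable(name) -> bool standing in for the file-system
    check (hypothetical; e.g. os.path.exists bound to the upload folder).
    """
    if not filename or re.search(r'[\\/:*?"<>|\x00-\x1f]', filename):
        raise UploadNameError("illegal character in file name")
    if is_reserved(filename):
        raise UploadNameError("reserved device name")
    base, dot, ext = filename.rpartition(".")
    if not dot:  # no extension at all
        base, ext = filename, ""
    candidate = filename
    for n in range(1, max_attempts + 1):
        if not exists(candidate):
            return candidate
        candidate = f"{base}({n}){dot}{ext}"  # file(1).ext, file(2).ext, ...
    raise UploadNameError("too many name collisions")
```

The reserved-name check runs before the loop so that the existence test is never asked about a device name, and the cap bounds the work done per request even if the existence test never reports a free name.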