A simple description of the Fckeditor upload parsing vulnerability-vulnerability warning-the black bar safety net

2016-08-24T00:00:00
ID MYHACK58:62201678344
Type myhack58
Reporter 佚名
Modified 2016-08-24T00:00:00

Description

Directly through the known path to the file that broke the fck Editor Version information:

FCKeditor/_whatsnew.html

! 2 0 1 6 0 8 2 3 1 9 2 4 0 8

Through a common upload address, to test the upload point whether the presence of:

FCKeditor/editor/filemanager/browser/default/connectors/asp/connector. asp? Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/ FCKeditor/editor/filemanager/browser/default/browser. html? type=Image&connector=connectors/asp/connector. asp FCKeditor/editor/filemanager/browser/default/browser. html? Type=Image&Connector=http://www.site.com%2Ffckeditor%2Feditor%2Ffilemanager%2Fconnectors%2Fphp%2Fconnector.php (ver:2.6.3 test by) JSP version: FCKeditor/editor/filemanager/browser/default/browser. html? Type=Image&Connector=connectors/jsp/connector. jsp

! 2 0 1 6 0 8 2 3 1 9 2 4 4 7

This is due to the local test, I directly in can uploaded points create a folder x. asp.

! 2 0 1 6 0 8 2 3 1 8 5 5 0 5

Success Create Folder, and upload a picture of a horse.

! 2 0 1 6 0 8 2 3 1 8 5 5 3 1

We press F12 to use the review elements, to view the upload image store path:

/userfiles/image/x.asp/x.jpg

! 2 0 1 6 0 8 2 3 1 8 5 6 0 3

We will save the path entered into the URL address bar, to access! You can see that we have successfully accessed to our picture of the horse.

! 2 0 1 6 0 8 2 3 1 8 5 7 2 9

The use of Chinese knife connection! A successful connection! As shown in Figure:

! 2 0 1 6 0 8 2 3 1 8 5 9 2 9

In addition to the above, we can use the hand to try, but of course there is a relatively easy way to use. We can use the big cattle after the integration of the integrated use of the tool, use it we also can easily burst a path and upload the points. Here I A 2. 5 High version successfully broke the upload!

! 2 0 1 6 0 8 2 4 0 8 5 6 4 9

[1] [2] next