无聊,看了下fckeditor的漏洞,发现有网友已经提出Fckeditor <= 2.4.2 的任意文件上传漏洞了,抱着好奇心看了一下源码,将漏洞复现,并讲解源码。
首先打开fckeditor\editor\filemanager\upload\php\config.php 配置fck。
我配置的信息如下 你们可以自己修改
<span style="font-family:Microsoft YaHei;font-size:14px;"><?php
/*
* FCKeditor - The text editor for Internet - http://www.fckeditor.net
* Copyright (C) 2003-2007 Frederico Caldeira Knabben
*
* == BEGIN LICENSE ==
*
* Licensed under the terms of any of the following licenses at your
* choice:
*
* - GNU General Public License Version 2 or later (the "GPL")
* http://www.gnu.org/licenses/gpl.html
*
* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")
* http://www.gnu.org/licenses/lgpl.html
*
* - Mozilla Public License Version 1.1 or later (the "MPL")
* http://www.mozilla.org/MPL/MPL-1.1.html
*
* == END LICENSE ==
*
* Configuration file for the PHP File Uploader.
*/
global $Config ;
// SECURITY: You must explicitelly enable this "uploader".
$Config['Enabled'] = true ;
// Set if the file type must be considere in the target path.
// Ex: /userfiles/image/ or /userfiles/file/
$Config['UseFileType'] = "/userfiles/file/" ;
// Path to uploaded files relative to the document root.
$Config['UserFilesPath'] = '/userfiles/' ;
// Fill the following value it you prefer to specify the absolute path for the
// user files directory. Usefull if you are using a virtual directory, symbolic
// link or alias. Examples: 'C:\\MySite\\userfiles\\' or '/root/mysite/userfiles/'.
// Attention: The above 'UserFilesPath' must point to the same directory.
$Config['UserFilesAbsolutePath'] = 'E:\\wamp\\www\\test\\fck\\242\\userfiles\\' ;
// Due to security issues with Apache modules, it is reccomended to leave the
// following setti