天天看点

From LOW to PWNED [10] Honorable Mention: FCKeditor

FCKeditor is bundled with seems-like everything (ColdFusion, Drupal plugins, WordPress plugins, other random CMSs) and has probably been responsible for countless hacks via file upload issues.

Examples:

<a href="http://www.exploit-db.com/exploits/12697/">http://www.exploit-db.com/exploits/12697/</a>

<a href="http://www.exploit-db.com/exploits/15484/">http://www.exploit-db.com/exploits/15484/</a>

<a href="http://www.exploit-db.com/exploits/17644/">http://www.exploit-db.com/exploits/17644/</a>

<a href="http://www.exploit-db.com/search/?action=search&amp;filter_page=1&amp;filter_description=FCKeditor&amp;filter_exploit_text=&amp;filter_author=&amp;filter_platform=0&amp;filter_type=0&amp;filter_lang_id=0&amp;filter_port=&amp;filter_osvdb=&amp;filter_cve=">Big O'l list on Exploit-DB</a>

LOW?

Actually most FCKeditors checks in Nessus I found were either Medium or High (hence honorable mention and not in the talk).

<a href="http://1.bp.blogspot.com/-80Scuzz_jYk/T5QsNKaxWuI/AAAAAAAAAy4/aP361mluDHg/s1600/fckeditor-blog1-nessus.PNG"></a>

<a href="http://2.bp.blogspot.com/-JLIVCukrUc4/T5QsakDPm8I/AAAAAAAAAzA/EXgBfRqyyR8/s1600/fckeditor-blog2-nessus.PNG"></a>

There is a good write-up of a classic case of FCKEditor abuse here:

<a href="http://secureyes.net/nw/assets/File-Upload-Vulnerability-in-FCKEditor.pdf">http://secureyes.net/nw/assets/File-Upload-Vulnerability-in-FCKEditor.pdf</a>

Google Dorks

inurl:/editor/filemanager/browser/default/connectors/[LANGUAGE]/connector.php

继续阅读