快捷搜索:   nginx

修补CKFinder编辑器文件解析漏洞

 这种漏洞满天下都是 当然我们用的一个程序也不例外 顺便表示我是php文盲 人都是逼出来的啊~


我们需要做的是将重命名目录 重命名文件 建立目录都注释掉 很简单 看看代码就知道了
所有的函数都是抓包获取的 然后去文件中找 注释掉 下面我给出大家
当然目录不一定就是这个路径 大家可以按照实际情况去寻找文件
0x1 注释掉创建目录
ckfinder\core\connector\php\php4\CommandHandler\CreateFolder.php
ckfinder\core\connector\php\php5\CommandHandler\CreateFolder.php

/*禁止创建新文件夹
$sNewFolderName = isset($_GET["NewFolderName"]) ? $_GET["NewFolderName"] : ""; $sNewFolderName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($sNewFolderName); if ($_config->forceAscii()) { $sNewFolderName = CKFinder_Connector_Utils_FileSystem::convertToAscii($sNewFolderName); }

if (!CKFinder_Connector_Utils_FileSystem::checkFileName($sNewFolderName) || $_resourceTypeConfig-
>checkIsHiddenFolder($sNewFolderName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); }
*/

0x2注释掉重命名文件
ckfinder\core\connector\php\php4\CommandHandler\RenameFile.php
ckfinder\core\connector\php\php5\CommandHandler\RenameFile.php
/*禁止重命名文件
} if (!isset($_GET["newFileName"])) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); }
*/
0x3注释掉重命名目录
ckfinder\core\connector\php\php4\CommandHandler\RenameFolder.php

ckfinder\core\connector\php\php5\CommandHandler\RenameFolder.php
/*禁止重命名文件夹
if (!isset($_GET["NewFolderName"])) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); }
$newFolderName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["NewFolderName"]); $_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config"); if ($_config->forceAscii()) { $newFolderName = CKFinder_Connector_Utils_FileSystem::convertToAscii($newFolderName); } $resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($newFolderName) || $resourceTypeInfo->checkIsHiddenFolder($newFolderName)) { $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME); } */

顶(0)
踩(0)

您可能还会对下面的文章感兴趣:

最新评论