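Bigace is an SEO-optimized content management system. The FCKeditor component in Bigace 2.7.5 has a file upload vulnerability that may allow an attacker to obtain a WebShell.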

[+]info:
~~~~~~~~~

[~] Title     : Bigace 2.7.5 Remote Upload file Vulnerability
[~] Author    : Net.Edit0r
[~] Vendor or Software Link  :
[~] Email     : Black.hat.tm@gmail.com
[~] Date  : 2011-03-29
[~] Google dork: "Powered by Bigace 2.7.5"
[~] Category:  [Webapps]
[~] Tested on: [Linux /php]
 
[+]poc:
~~~~~~~~~

[~] ExploiT :
/addon/FCKeditor/editor/filemanager/connectors/uploadtest.html
 
[~] Example:


Fix: FCKeditor is a long-standing problem.
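
A defender-side check for the path named in the PoC above, added here as an example and not part of the original advisory: it scans web access logs for requests into the FCKeditor `filemanager/connectors/` directory and separates those the server actually answered. The combined log format, the function names and the sample log lines are assumptions made for this example.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Directory taken from the advisory's PoC path, lower-cased for matching.
CONNECTOR_DIR = "/fckeditor/editor/filemanager/connectors/"

# Assumption: Apache/nginx "combined" format: ip - user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize_path(target):
    """Decode twice (catches double encoding), collapse slashes, lower-case."""
    path = urlsplit(target).path
    for _ in range(2):
        path = unquote(path)
    return re.sub(r"/+", "/", path.replace("\\", "/")).lower()

def find_connector_hits(lines):
    """Return {client_ip: [(time, method, path, status), ...]} for connector requests."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed or non-HTTP log line
        path = normalize_path(m["target"])
        if CONNECTOR_DIR in path:
            hits[m["ip"]].append((m["time"], m["method"], path, int(m["status"])))
    return dict(hits)

def served_hits(hits):
    """Keep only 2xx responses: the connector directory is reachable on this host."""
    served = {}
    for ip, rows in hits.items():
        ok = [r for r in rows if 200 <= r[3] < 300]
        if ok:
            served[ip] = ok
    return served

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [29/Mar/2011:10:00:01 +0000] "GET /addon/FCKeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [29/Mar/2011:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [29/Mar/2011:10:01:12 +0000] "GET /addon/fckeditor/editor//filemanager/connectors/uploadtest.html HTTP/1.1" 404 312 "-" "-"',
    'not an access log line',
]
```

Any entry returned by `served_hits` means the test page or a connector is still exposed on that host and should be removed or blocked at the web server.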