22 lines
888 B
Text
Executable file
22 lines
888 B
Text
Executable file
- Title: FCKEditor 2.6.8 ASP Version File Upload Protection bypass
|
|
- Credit goes to: Mostafa Azizi, Soroush Dalili
|
|
- Link:http://sourceforge.net/projects/fckeditor/files/FCKeditor/
|
|
- Description:
|
|
There is no validation on the extensions when FCKEditor 2.6.8 ASP version is
|
|
dealing with the duplicate files. As a result, it is possible to bypass
|
|
the protection and upload a file with any extension.
|
|
- Reference: http://soroush.secproject.com/blog/2012/11/file-in-the-hole/
|
|
- Solution: Please check the provided reference or the vendor website.
|
|
|
|
- PoC:http://www.youtube.com/v/1VpxlJ5jLO8?version=3&hl=en_US&rel=0&vq=hd720
|
|
"
|
|
|
|
Note: Quick patch for FCKEditor 2.6.8 File Upload Bypass:
|
|
|
|
In “config.asp”, wherever you have:
|
|
|
|
ConfigAllowedExtensions.Add “File”,”Extensions Here”
|
|
|
|
Change it to:
|
|
|
|
ConfigAllowedExtensions.Add “File”,”^(Extensions Here)$”
|