G4by
This vulnerability is found all over the world, and of course the program we use is no exception. By the way, I am PHP-illiterate and was forced into this ~
What we need to do is comment out directory creation, file renaming and directory renaming. The code is easy to follow.
Each function was identified by capturing the request packets and then locating it in the corresponding file. Comment out the following:
Of course, the directories will not necessarily be at these paths; locate the files according to your actual situation.
0x1 Comment out directory creation
ckfinder/core/connector/php/php4/CommandHandler/CreateFolder.php
ckfinder/core/connector/php/php5/CommandHandler/CreateFolder.php
/* Do not create new folders.
$sNewFolderName = isset($_GET["NewFolderName"]) ? $_GET["NewFolderName"] : "";
$sNewFolderName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($sNewFolderName);
if ($_config->forceAscii()) {
    $sNewFolderName = CKFinder_Connector_Utils_FileSystem::convertToAscii($sNewFolderName);
}
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($sNewFolderName) || $_resourceTypeConfig->checkIsHiddenFolder($sNewFolderName)) {
    $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
*/
0x2 Comment out file renaming
ckfinder/core/connector/php/php4/CommandHandler/RenameFile.php
ckfinder/core/connector/php/php5/CommandHandler/RenameFile.php
/* File rename prohibited
}
if (!isset($_GET["newFileName"])) {
    $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
*/
0x3 Comment out directory renaming
ckfinder/core/connector/php/php4/CommandHandler/RenameFolder.php
ckfinder/core/connector/php/php5/CommandHandler/RenameFolder.php
/* Folder rename prohibited
if (!isset($_GET["NewFolderName"])) {
    $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
$newFolderName = CKFinder_Connector_Utils_FileSystem::convertToFilesystemEncoding($_GET["NewFolderName"]);
$_config =& CKFinder_Connector_Core_Factory::getInstance("Core_Config");
if ($_config->forceAscii()) {
    $newFolderName = CKFinder_Connector_Utils_FileSystem::convertToAscii($newFolderName);
}
$resourceTypeInfo = $this->_currentFolder->getResourceTypeConfig();
if (!CKFinder_Connector_Utils_FileSystem::checkFileName($newFolderName) || $resourceTypeInfo->checkIsHiddenFolder($newFolderName)) {
    $this->_errorHandler->throwError(CKFINDER_CONNECTOR_ERROR_INVALID_NAME);
}
*/
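
The three edits above have to be made in both the php4 and php5 directories, so it is easy to miss one of the six files. The following check is an added example, not part of the original post and not CKFinder code: it reports whether each handler still reads its name parameter in live (uncommented) PHP. It assumes the PHP CLI with the tokenizer extension; the script name check.php and the functions liveCode and readsParam are hypothetical, and the parameter names are the ones shown in the snippets above.

```php
<?php
// Added example (not CKFinder code): does a handler still read its name parameter in live PHP?

// Parameter read by each handler, taken from the snippets on this page.
const HANDLER_PARAMS = [
    'CreateFolder.php' => 'NewFolderName',
    'RenameFile.php'   => 'newFileName',
    'RenameFolder.php' => 'NewFolderName',
];

// Source with comments removed. PHP's own tokenizer is used so that "/*"
// inside a string literal is not mistaken for the start of a comment.
function liveCode(string $source): string
{
    $live = '';
    foreach (token_get_all($source) as $token) {
        if (!is_array($token)) {
            $live .= $token;
        } elseif ($token[0] !== T_COMMENT && $token[0] !== T_DOC_COMMENT) {
            $live .= $token[1];
        }
    }
    return $live;
}

// True when live code still reads $_GET[<param>] (either quote style).
function readsParam(string $source, string $param): bool
{
    $re = '/\$_GET\s*\[\s*["\']' . preg_quote($param, '/') . '["\']\s*\]/';
    return preg_match($re, liveCode($source)) === 1;
}

// Constructed samples: a patched handler and an unpatched one.
$patched = '<?php
/* Folder rename prohibited
if (!isset($_GET["NewFolderName"])) { exit; }
*/';
$unpatched = '<?php
$note = "/* not a comment */";
if (!isset($_GET["NewFolderName"])) { exit; }';
var_dump(readsParam($patched, 'NewFolderName'), readsParam($unpatched, 'NewFolderName'));

// Usage: php check.php /path/to/ckfinder/core/connector/php
foreach ((isset($argv[1]) ? ['php4', 'php5'] : []) as $branch) {
    foreach (HANDLER_PARAMS as $file => $param) {
        $path = "$argv[1]/$branch/CommandHandler/$file";
        $hit = is_readable($path) && readsParam(file_get_contents($path), $param);
        echo $path, ': ', is_readable($path) ? ($hit ? 'STILL ACTIVE' : 'disabled') : 'missing', "\n";
    }
}
```

Run it again after any CKFinder update or redeploy, since replacing the handler files removes the comment blocks.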