Everyone knows that fckeditor has many vulnerabilities, but few people build a fck test on their own to see what the vulnerability is. Why is this error sometimes? Why is it sometimes, due to the demonstration of vulnerabilities, we set up a local vulnerability environment and encountered some major and minor problems at the beginning, but all of them were solved one by one, therefore, it is easier to record and save some time for students to help me in this case.
1. First of all, we certainly have to test the fck's asp Vulnerability, such as uploading, creating, and renaming level-2 directories. However, we encountered the following problems:
This connector is disabled. Please check the "editor/filemanager/connectors/asp/config. asp
Solution: in fact, this problem is a good solution. You only need to change ConfigIsEnabled = false in editor/filemanager/connectors/asp/config. asp to true. Then asp can solve the problem.
2. The memdia situation of php is similar to that of asp. The error is almost the same, but the error is changed/Php/config. php.
Www.2tu. cc solution: change the value of $ Config ['enabled'] = false; to true.
3. the most troublesome of course is aspx, which is not as simple as modifying a file. I encountered a lot of trouble when dealing with this, because I am tired of a very low-level error, in. In the case of net1.0, aspx files can be run, but fck aspx files cannot be run. We need to solve this problem first.
Solution: Change the website attribute -asp.net-asp.net version to 2.0.
However, this still does not work, and we will find the following errors:
<%@ Page Language="c#" Trace="false" Inherits="FredCK.FCKeditorV2.FileBrowser.Connector" AutoEventWireup="false" %>
Solution: the cause of this problem is also very simple. The dll file called by fck does not exist ~~, We only need to find the bin folder under the root directory of the website. If the problem persists, we need to consider another issue ~~ The bin folder and dll file must have the same permissions as the web user of the fck editor,
There is another situation that may be encountered by students of the old fck version.
FredCK.FCKeditorV2.FileBrowserConnector·····
You only need to change it to FredCK. FCKeditorV2.FileBrowser. Connector.
It is not easy to write something, reprinted please indicate the source Author: http://www.seczero.com /? P = 18
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
