########################## www.BugReport.ir #######################################
#
# AmnPardaz Security Research Team
#
# Title: TransLucid 1.75 (fckeditor) Remote Arbitrary File Upload
# Vendor: www.translucidonline.com
# Vulnerable Version: 1.75 (prior versions also may be affected)
# Exploitation: Remote with browser
# Exploit: Available
# Impact: Medium
# Fix: N/A
# Original Advisory: http://www.bugreport.ir/index_51.htm
###################################################################################

####################
- Description:
####################

transLucid is a simple website publishing system with which anyone can create and maintain web content, in multiple languages, based on a growing list of ready-made, professional layouts.

####################
- Vulnerability:
####################

+--> FCKeditor Arbitrary File Upload

It is possible to upload files to a location inside the web root ("/userdata") via the /editors/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php script, so the upload facility of the bundled FCKeditor file manager is reachable without being limited to trusted users.

####################
- Exploit:
####################

http://example.com/transLucid_175/editors/FCKeditor/editor/filemanager/browser/default/connectors/test.html

####################
- Solution:
####################

Restrict access to the resource and grant it only to trusted users.

####################
- Credit:
####################

AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
WwW.BugReport.ir
WwW.AmnPardaz.com
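Until access to the connector is restricted as the solution above describes, the practical question for a site operator is whether the upload path has already been used. The following log scanner is an added example written for this advisory; it is not code from AmnPardaz or from the transLucid project. It walks Apache combined-format access log lines and flags (a) any request to the FCKeditor connector directory named in the advisory, (b) POST requests to connector.php, which is how the connector receives uploads, and (c) requests that fetch a server-side script from the "/userdata" upload location, then correlates (b) and (c) by client address. The log lines, the client addresses and the uploaded file name are constructed for the example, and the "Command=FileUpload" query string is an assumption about how the FCKeditor connector is driven, not something the advisory states.

```python
import re

# Apache combined log format: ip ident user [ts] "METHOD path proto" status bytes "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) \S+'
)

# Path fragments taken from the advisory: the connector directory and the upload target.
CONNECTOR_MARKER = "/editors/FCKeditor/editor/filemanager/browser/default/connectors/"
UPLOAD_DIR_MARKER = "/userdata/"
# Extensions the web server would execute rather than serve as static content.
SCRIPT_EXTS = (".php", ".php3", ".php4", ".php5", ".phtml", ".phar")

# Constructed sample log (not real traffic). Addresses are RFC 5737 documentation ranges.
# The "Command=FileUpload" query string is an assumption about the connector's interface.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2009:11:59:50 +0000] "GET /transLucid_175/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2009:12:00:03 +0000] "GET /transLucid_175/editors/FCKeditor/editor/filemanager/browser/default/connectors/test.html HTTP/1.1" 200 3200 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2009:12:00:09 +0000] "POST /transLucid_175/editors/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php?Command=FileUpload&Type=File&CurrentFolder=%2F HTTP/1.1" 200 210 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2009:12:01:00 +0000] "GET /transLucid_175/userdata/file/image.php HTTP/1.1" 200 45 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["status"] = int(entry["status"])
    file_part, _, query = entry["path"].partition("?")
    entry["file"] = file_part
    entry["query"] = query
    return entry


def classify(entry):
    """Label one parsed entry with the kind of suspicious activity it shows, or None."""
    path = entry["file"]
    if CONNECTOR_MARKER in path:
        if path.endswith("connector.php") and entry["method"] == "POST":
            return "connector_upload"   # a POST to the connector carries an upload
        return "connector_access"       # browsing the connector directory or test page
    if UPLOAD_DIR_MARKER in path and path.lower().endswith(SCRIPT_EXTS):
        return "script_in_userdata"     # a script is being served from the upload dir
    return None


def scan(log_text):
    """Return (findings, escalated_ips).

    findings: list of (ip, label, file, status) for every flagged line.
    escalated_ips: clients that both uploaded through the connector and later
    fetched a script from /userdata, the strongest sign of a completed upload.
    """
    findings = []
    labels_by_ip = {}
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        label = classify(entry)
        if label is None:
            continue
        findings.append((entry["ip"], label, entry["file"], entry["status"]))
        labels_by_ip.setdefault(entry["ip"], set()).add(label)
    escalated = sorted(
        ip for ip, labels in labels_by_ip.items()
        if "connector_upload" in labels and "script_in_userdata" in labels
    )
    return findings, escalated


if __name__ == "__main__":
    found, escalated = scan(SAMPLE_LOG)
    for ip, label, path, status in found:
        print(f"{ip:<14} {label:<20} {status} {path}")
    print("clients with upload-then-execute pattern:", escalated)
```

Run against a real log with `scan(open("access.log").read())`. Any hit on "script_in_userdata" with a 200 status deserves a look at the file itself, since "/userdata" should only ever hold content the editor put there; a client that also appears under "connector_upload" is the one whose earlier POST most likely placed it. Once the connector directory is access-controlled, the "connector_access" label becomes a useful tripwire for anyone still probing it.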