TransLucid 1.75 (fckeditor) Remote Arbitrary File Upload

2008.09.04
Credit: bugreport
Risk: High
Local: No
Remote: No
CVE: N/A
CWE: N/A

########################## www.BugReport.ir #######################################
#
# AmnPardaz Security Research Team
#
# Title: TransLucid 1.75 (fckeditor) Remote Arbitrary File Upload
# Vendor: www.translucidonline.com
# Vulnerable Version: 1.75 (prior versions also may be affected)
# Exploitation: Remote with browser
# Exploit: Available
# Impact: Medium
# Fix: N/A
# Original Advisory: http://www.bugreport.ir/index_51.htm
###################################################################################

####################
- Description:
####################
transLucid is a simple website publishing system with which anyone can create and maintain web content, in multiple languages and based on a growing list of ready-made, professional layouts.

####################
- Vulnerability:
####################
+--> Fckeditor Arbitrary File Upload

The problem is that it is possible to upload files to a location inside the web root ("/userdata") via the /editors/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php script.

####################
- Exploit:
####################
http://example.com/transLucid_175/editors/FCKeditor/editor/filemanager/browser/default/connectors/test.html

####################
- Solution:
####################
Restrict access to the resources and grant it only to trusted users.

####################
- Credit :
####################
AmnPardaz Security Research & Penetration Testing Group
Contact: admin[4t}bugreport{d0t]ir
WwW.BugReport.ir
WwW.AmnPardaz.com
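
The advisory names the connector script and the "/userdata" upload location. The following log scanner is an added example, not part of the advisory, and shows how a defender can flag requests that reach the FCKeditor connector directory or that fetch a server-side script from the upload directory; the application root prefix and the log lines themselves are constructed for this example.

```python
"""Flag access-log lines that touch the FCKeditor connector or serve scripts from /userdata.

Added example (not from the advisory or the vendor). The connector path and the
/userdata directory come from the advisory text; the log lines are constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Path fragments taken from the advisory.
CONNECTOR_PATH = "/editors/FCKeditor/editor/filemanager/browser/default/connectors/"
UPLOAD_DIR = "/userdata/"
# Extensions that a web server may execute if an uploaded file lands in the web root.
SCRIPT_EXTENSIONS = (".php", ".php3", ".phtml", ".asp", ".aspx", ".jsp")

# Apache/nginx "combined" log format: ip ident user [ts] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

@dataclass
class Finding:
    ip: str
    method: str
    path: str
    reason: str

def classify(path: str) -> Optional[str]:
    """Return an alert reason for a request path, or None if it is uninteresting."""
    path_only = path.split("?", 1)[0].lower()          # ignore the query string
    if CONNECTOR_PATH.lower() in path_only:
        return "fckeditor-connector"                    # connector dir should not be reachable
    if UPLOAD_DIR.lower() in path_only and path_only.endswith(SCRIPT_EXTENSIONS):
        return "script-in-upload-dir"                   # a script is being served from /userdata
    return None

def scan(lines: List[str]) -> List[Finding]:
    """Parse combined-format log lines and collect the ones worth alerting on."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                                    # skip lines that are not combined format
        reason = classify(m["path"])
        if reason:
            findings.append(Finding(m["ip"], m["method"], m["path"], reason))
    return findings

# Constructed sample log; "/transLucid_175" is an assumed application root.
SAMPLE_LOG = [
    '203.0.113.5 - - [04/Sep/2008:10:00:01 +0000] "GET /transLucid_175/index.php HTTP/1.1" 200 4120 "-" "Mozilla"',
    '203.0.113.5 - - [04/Sep/2008:10:00:07 +0000] "POST /transLucid_175/editors/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php HTTP/1.1" 200 318 "-" "Mozilla"',
    '203.0.113.5 - - [04/Sep/2008:10:00:12 +0000] "GET /transLucid_175/userdata/notes.php HTTP/1.1" 200 77 "-" "Mozilla"',
    '198.51.100.9 - - [04/Sep/2008:10:01:00 +0000] "GET /transLucid_175/userdata/photo.jpg HTTP/1.1" 200 9031 "-" "Mozilla"',
]

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.reason}: {f.ip} {f.method} {f.path}")
```

Pair the alert with the advisory's mitigation: deny HTTP access to the connector directory and configure the server not to execute scripts under /userdata.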

References:

http://seclists.org/bugtraq/2008/Sep/0032.html



Copyright 2024, cxsecurity.com
