EgO v0.7b (fckeditor) Remote File Upload

2010.05.17

Credit: ITSecTeam

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

##########################################################
#Title: EgO v0.7b (fckeditor) Remote File Upload
#Download: http://sourceforge.net/projects/vairux-ego/
##########################################################
#AUTHOR: ITSecTeam
#Email: Bug@ITSecTeam.com
#Website: http://www.itsecteam.com
#Forum : http://forum.ITSecTeam.com
#Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability53.htm
#Thanks: r3dm0v3,Mehr@n.s,pejvak,am!rkh@n
##########################################################
#DESCRIPTION (by vendor):#################################
EgO is a PHP script that makes easier the set up and administration of a
website.
EgO supports customizable skins and modules that would be designed to fit
specific
needs.EgO features a new WYSIWYG editor (FCKEditor), dynamic RSS 2.0
Syndication, etc..
#POC:#####################################################
http://site.com/FCKEditor/editor/filemanager/browser/
default/connectors/test.html

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

EgO v0.7b (fckeditor) Remote File Upload

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.