Wordocs Israel FCKeditor Shell Upload

2012.09.05
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-264

----------------------------------------------------------------
Wordocs Israel FCKeditor Shell Upload Disclosure Vulnerabilities
----------------------------------------------------------------

# Exploit Title: Wordocs Israel FCKeditor Shell Upload Disclosure Vulnerabilities
# Google Dork: inurl:/files/wordocs/ site:il
# Application Name: [Wordocs Israel]
# Date: 2012-09-04
# Author: BHG Security Center
# Home: http://cc.black-hg.org - http://greyh4t.com/cc/
# Version: [ 0.4.1.16 ]
# Impact : [ High ]
# Tested on: [linux+apache]
# CVE : Webapps
# Finder(s):
    - Net.Edit0r (Net.Edit0r [at] att [dot] net)

# Note: Please note there is a vulnerability in the site of non-Israeli

# Description:
You can directly upload your shellcode and use server

+-----------------------+
|   Shellcode Upload    |
+-----------------------+

The vulnerable code is located in /FCKeditor/editor/plugins/uploadme/fck_uploadme.php

Proof of Concept:
-----------------
~ PoC : http://localhost/FCKeditor/editor/plugins/uploadme/fck_uploadme.php
~ File upload path : http://[Target]/files/wordocs/shell.php
~~~~~~~~
Demo : http://facet-theory.org/FCKeditor/editor/plugins/uploadme/fck_uploadme.php
~ Study of Vulnerability : http://www.mediafire.com/?qedv4dq6b4yfqcz

[-] Disclosure timeline:
[04/08/2011] - Vulnerabilities discovered
[14/10/2011] - Other vulnerabilities discovered
[15/10/2011] - Issues reported to http://black-hg.org
[04/09/2012] - Public disclosure

# Greets To : Net.Edit0r ~ A.Cr0x ~ 3H34N ~ G3n3Rall ~ l4tr0d3ctism ~ NoL1m1t ~ Mr.XHat
THANKS TO ALL Iranian HackerZ ./Persian Gulf

===========================================[End]=============================================
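For defenders, the two paths named in the advisory can be hunted in web server logs. The following is an added example, not part of the original advisory: it flags POSTs to the upload plugin and served requests for script-like files under /files/wordocs/, assuming Apache common/combined log format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Paths taken from the advisory, lower-cased for case-insensitive matching.
UPLOADER = "/fckeditor/editor/plugins/uploadme/fck_uploadme.php"
UPLOAD_DIR = "/files/wordocs/"
# Names Apache may hand to PHP: shell.php, x.phtml, a.php.jpg, shell.php/x
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|/|$)")
# Apache common/combined log format (assumed).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def norm_path(target):
    """Drop the query string, URL-decode, lower-case and collapse slashes."""
    path = unquote(urlsplit(target).path).lower()
    return re.sub(r"/+", "/", path)

def scan(lines):
    """Return (line_no, client_ip, kind) for each suspicious served request."""
    findings, uploaders = [], set()
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m or int(m["status"]) >= 400:
            continue  # unparsable, or the server refused / did not find it
        ip, path = m["ip"], norm_path(m["target"])
        if path.endswith(UPLOADER):
            if m["method"] == "POST":
                uploaders.add(ip)
                findings.append((n, ip, "upload-post"))
        elif UPLOAD_DIR in path:
            name = path.split(UPLOAD_DIR, 1)[1]
            if SCRIPT_EXT.search(name):
                seen = ip in uploaders
                kind = "script-after-upload" if seen else "script-in-upload-dir"
                findings.append((n, ip, kind))
    return findings

# Constructed sample log lines (documentation IP ranges, invented sizes).
SAMPLE = [
    '203.0.113.7 - - [04/Sep/2012:10:00:01 +0000] "GET /FCKeditor/editor/plugins/uploadme/fck_uploadme.php HTTP/1.1" 200 1450',
    '203.0.113.7 - - [04/Sep/2012:10:00:09 +0000] "POST /FCKeditor/editor/plugins/uploadme/fck_uploadme.php HTTP/1.1" 200 312',
    '203.0.113.7 - - [04/Sep/2012:10:00:15 +0000] "GET /files/wordocs/shell.php?x=1 HTTP/1.1" 200 58',
    '198.51.100.20 - - [04/Sep/2012:10:02:00 +0000] "GET /files/wordocs/report.docx HTTP/1.1" 200 20480',
    '198.51.100.20 - - [04/Sep/2012:10:03:00 +0000] "GET /files/wordocs/a.php.jpg HTTP/1.1" 200 99',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Any script hit with a success status means the upload directory is serving executable content, which points to a web server configuration that should deny script handling for that directory.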

References:

http://greyh4t.com/cc/
http://cc.black-hg.org
http://www.mediafire.com/?qedv4dq6b4yfqcz

