KCFinder 2.2 Arbitrary File Upload Vulnerability

2010-10-15 13:15:05

: # Exploit Title: kcfinder 2.2 upload shell :
: # Date: 15/10/2010 :
: # Author: saudi0hacker :
: # Software Link: http://kcfinder.sunhater.com/ :
: # Version: 2.x :
: # Tested on: linux b0x :
: # Greetz to : All of my Friends :
----------------------------------------------------------------------------------------------

[~] STEP 1 > Go to target link

http://localhost/KCFinder/browse.php

[~] STEP 2 > upload your shell as [shell.php.jpg]

[~] Th3 End

Fixes

No fixes

In order to submit a new fix you need to be registered.