EgO v0.7b (fckeditor) Remote Arbitrary File Upload Vulnerability

2010-05-16 09:04:01

##########################################################
#Title: EgO v0.7b (fckeditor) Remote File Upload
#Download: http://sourceforge.net/projects/vairux-ego/
##########################################################
#AUTHOR: ITSecTeam
#Email: [email protected]
#Website: http://www.itsecteam.com
#Forum : http://forum.ITSecTeam.com
#Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability53.htm
#Thanks: r3dm0v3,[email protected],pejvak,am!rkh@n
##########################################################

#DESCRIPTION (by vendor):#################################
EgO is a PHP script that makes easier the set up and administration of a
website.
EgO supports customizable skins and modules that would be designed to fit
specific
needs.EgO features a new WYSIWYG editor (FCKEditor), dynamic RSS 2.0
Syndication, etc..

#POC:#####################################################
http://site.com/FCKEditor/editor/filemanager/browser/
default/connectors/test.html

Fixes

No fixes

In order to submit a new fix you need to be registered.