MauryCMS <= 0.53.2 (fckeditor) Remote Arbitrary File Upload Vuln

2008-11-23 01:00:56

########################################################################
#
# :: The Codes Like A Game Anyone Can Play With It,s ::
#
# Title: MauryCMS <= 0.53.2 (fckeditor) Remote Arbitrary File Upload
#
# Vendor: http://cms.maury91.org/Downloads/MauryCMS/MauryCMS,0.532.zip
#
# Discover by : RoMaNcYxHaCkEr (Br0k3n H34rT)
#
# My Email : [email protected] [ Please Before Added Me , Be Sure I Don,t Give You Anythings :) ]
#
# Impact: Medium
#
# Fix: Disable It In The Config File ;)
#
# Site: WwW.Sec-Code.CoM
#
# My Group : Security - Codes TeaM
#
########################################################################

####################
- Exploit:
####################

http://example.com/[path]/Editors/fckeditor/editor/filemanager/browser/default/browser.html

####################
- Solution:
####################

Restrict and grant only trusted users access to the resources.

####################
- GreTzZ :
####################

No oN3 D3s3rved Just Fuck The Lamers , Kidz Or Snitch ( I Hate Him , And Do You ...!!! )

####################

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.