EgO 0.7b - 'FCKeditor' Arbitrary File Upload

EDB-ID:

12628

CVE:

N/A


Platform:

PHP

Published:

2010-05-16

##########################################################
#Title: EgO v0.7b (fckeditor) Remote File Upload
#Download: http://sourceforge.net/projects/vairux-ego/
##########################################################
#AUTHOR: ITSecTeam
#Email: Bug@ITSecTeam.com
#Website: http://www.itsecteam.com
#Forum : http://forum.ITSecTeam.com
#Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability53.htm
#Thanks: r3dm0v3,Mehr@n.s,pejvak,am!rkh@n
##########################################################

#DESCRIPTION (by vendor):#################################
EgO is a PHP script that makes easier the set up and administration of a
website.
EgO supports customizable skins and modules that would be designed to fit
specific
needs.EgO features a new WYSIWYG editor (FCKEditor), dynamic RSS 2.0
Syndication, etc..

#POC:#####################################################
http://site.com/FCKEditor/editor/filemanager/browser/
default/connectors/test.html