MarketSaz remote file upload vulnerability-vulnerability warning-the black bar safety net

2010-06-22T00:00:00
ID MYHACK58:62201027319
Type myhack58
Reporter 佚名
Modified 2010-06-22T00:00:00

Description

MarketSaz the use of fckeditor editor, not on the editor to upload the test page to remove the lead to upload executable script vulnerability. Bulk google: English = Powered MarketSaz

EXP: a<http://server/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html>

shell:<http://server/admin/view/javascript/fckeditor/editor/filemanager/connectors/php/shell.php>

Or

<http://server/shell.php>

Author: NetQurd