Creavion CMS remote upload vulnerability - vulnerability warning - the black bar safety net

2010-10-06T00:00:00
ID MYHACK58:62201028036
Type myhack58
Reporter Anonymous
Modified 2010-10-06T00:00:00

Description

Creavion CMS uses the FCKeditor editor. The editor's test page was not deleted, which leads to a remote file upload vulnerability.

Google: "powered by creavion cms"

Upload vulnerability pages:

http://Target/[path]/admin/FCKeditor/editor/filemanager/browser/default/connectors/test.html

http://Target/[path]/admin/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php

Examples:

http://www.visioevents.de/admin/FCKeditor/editor/filemanager/browser/default/connectors/test.html

http://creavion.de/admin/FCKeditor/editor/filemanager/browser/default/connectors/test.html

http://www.sembdner-gitarren.de/admin/FCKeditor/editor/filemanager/browser/default/connectors/test.html
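For site owners, a local audit of a deployed web root for the leftover FCKeditor file-manager pages named above. This is an added example, not part of the original advisory or of Creavion CMS. It assumes that the PHP connector's `config.php` sits beside `connector.php` and uses FCKeditor 2.x's `$Config['Enabled']` switch; the function names are hypothetical.

```python
import os
import re

# Paths relative to the FCKeditor directory, taken from the advisory above.
FILEMANAGER = os.path.join("editor", "filemanager", "browser", "default")
EXPOSED = {
    os.path.join(FILEMANAGER, "connectors", "test.html"): "connector test page",
    os.path.join(FILEMANAGER, "browser.html"): "file browser page",
    os.path.join(FILEMANAGER, "connectors", "php", "connector.php"): "PHP upload connector",
}
# Assumption: config.php beside connector.php carries $Config['Enabled'] = true|false.
# Anchoring at line start skips lines commented out with // or #.
ENABLED_RE = re.compile(
    r"^\s*\$Config\[\s*['\"]Enabled['\"]\s*\]\s*=\s*(true|false)", re.I | re.M)


def connector_enabled(php_dir):
    """Return True/False from config.php, or None if it cannot be determined."""
    try:
        with open(os.path.join(php_dir, "config.php"),
                  encoding="utf-8", errors="replace") as fh:
            matches = ENABLED_RE.findall(fh.read())
    except OSError:
        return None
    # The last assignment in the file is the one PHP ends up with.
    return matches[-1].lower() == "true" if matches else None


def audit_webroot(root):
    """Walk a local web root and list leftover FCKeditor file-manager entry points."""
    findings = []
    for dirpath, dirnames, _ in os.walk(root):
        for name in dirnames:
            if name.lower() != "fckeditor":
                continue
            base = os.path.join(dirpath, name)
            for rel, label in EXPOSED.items():
                path = os.path.join(base, rel)
                if not os.path.isfile(path):
                    continue
                state = None
                if rel.endswith("connector.php"):
                    state = connector_enabled(os.path.dirname(path))
                findings.append((os.path.relpath(path, root), label, state))
    return sorted(findings, key=lambda f: f[0])


if __name__ == "__main__":
    import sys
    for rel, label, state in audit_webroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel}: {label} (connector enabled: {state})")
```

Any `test.html` or `browser.html` hit should be deleted from production, and an enabled connector should be disabled or placed behind the CMS's admin authentication.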