kimwebsites-upload.txt

Date: 10 Sep 2008 00:00:00 | Reported by: Ciph3r | Type: packetstorm | Source: packetstormsecurity.com

KimWebsite remote arbitrary file upload vulnerability, published by S4rK3VT Hacking TEAM and discovered by Ciph3r, rated medium impact. The bundled FCKeditor upload script allows files to be uploaded to a location inside the web root.

`########################################################################  
#  
# S4rK3VT Hacking TEAM  
#  
# Title: KimWebsite (fckeditor) Remote Arbitrary File Upload  
# Vendor: http://sourceforge.net/project/showfiles.php?group_id=196819  
# Discovered by: Ciph3r  
# We Are : Ciph3r & Rake  
# [email protected]  
# Impact: Medium  
# Fix: N/A  
# Expl0ters Security TEAM ==>> www.Expl0iters.ir  
########################################################################  
  
####################  
- Vulnerability:  
####################  
  
+--> Fckeditor Arbitrary File Upload  
  
The problem is that it is possible to upload files to a location inside the web root "/userdata" via the  
  
[path]/fck/editor/filemanager/upload/php/upload.php script.  
  
  
####################  
- Exploit:  
####################  
  
http://example.com/[path]/fck/editor/filemanager/upload/test.html  
  
####################  
- Solution:  
####################  
  
Restrict and grant only trusted users access to the resources.  
  
####################  
- GreTzZ :  
####################  
  
Iranian Hacker & Kurdish Security TEAM & My Mother  
  
####################  
  
`
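
To support the "Solution" step above, here is an added example (not part of the original advisory or of KimWebsite) that audits a web root on the server for the FCKeditor upload components the advisory names and for script-type files under a `userdata` directory. The function name, the output labels, and the extension list are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: local, read-only audit of a web root for the FCKeditor
# upload components named in the advisory. Run on the server itself.
# Assumptions: the upload target is a directory named "userdata" (as the
# advisory states); the extension list below is illustrative, not exhaustive.

# audit_fck_upload WEBROOT
# Prints one finding per line. Returns 0 when clean, 1 when anything is found.
audit_fck_upload() {
    webroot=$1
    out=$(
        # Upload test page and PHP upload connector shipped with FCKeditor.
        find "$webroot" -type f \( \
            -path '*/editor/filemanager/upload/test.html' -o \
            -path '*/editor/filemanager/upload/php/upload.php' \) -print |
            sed 's/^/EXPOSED-COMPONENT /'

        # Files under userdata that a PHP handler could execute, including
        # double extensions that some Apache handler configurations run.
        find "$webroot" -type f -path '*/userdata/*' \( \
            -iname '*.php' -o -iname '*.php[0-9]' -o -iname '*.phtml' -o \
            -iname '*.phar' -o -iname '*.php.*' \) -print |
            sed 's/^/SCRIPT-IN-UPLOAD-DIR /'
    )
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out"
    return 1
}

# Stand-alone use: sh audit.sh /var/www/html   (path is a placeholder)
if [ "$#" -gt 0 ]; then
    audit_fck_upload "$1"
fi
```

Each `EXPOSED-COMPONENT` hit is a file to remove or place behind authentication; each `SCRIPT-IN-UPLOAD-DIR` hit should be reviewed, and script execution should be disabled for that directory in the web server configuration.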
