Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Geeklog 1.6.0sr1 File Upload

🗓️ 23 Aug 2009 00:00:00Reported by JaL0hType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 28 Views

Geeklog 1.6.0sr1 Remote Arbitrary File Upload Vulnerabilit

Code
`==============================================================================  
Geeklog <= v1.6.0sr1 - Remote Arbitrary File Upload  
  
Software Site: http://www.geeklog.net  
  
Dork: "By Geeklog" "Created this page in" +seconds +powered  
inurl:public_html  
==============================================================================  
  
Vulnerabilities  
==================  
  
Default Insecure Configuration  
  
Configuration settings for FCKeditor shipped with Geeklog are insecure by  
default. They allow attackers to view and upload files and folders  
under its predefined image upload directory. This is not FCKeditor's fault,  
the Geeklog developers enabled the insecure configuration. Abuse works  
whether  
the FCKeditor is enabled or disabled in the Geeklog configuration.  
  
http://##  
www.site.com##/fckeditor/editor/filemanager/browser/default/browser.html?Type=&Connector=http%3A%2F%2F##www.site.com##%2Ffckeditor%2Feditor%2Ffilemanager%2Fconnectors%2Fphp%2Fconnector.php  
  
Replace ##www.site.com## <http://www.site.com#%23> with the URL of the  
Geeklog site.  
  
Opens an interactive browser session where you can create directories  
and upload files. This also exposes all the files in the  
images/Library/File|Image|Media|Flash directories.  
  
Arbitrary File Hosting  
  
Using the interactive session above you can upload files to the server.  
File uploads are restricted by directory and type:  
  
File/ directory  
'7z', 'aiff', 'asf', 'avi', 'bmp', 'csv', 'doc', 'fla', 'flv', 'gif',  
'gz',  
'gzip', 'jpeg', 'jpg', 'mid', 'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg',  
'ods', 'odt', 'pdf', 'png', 'ppt', 'pxd', 'qt', 'ram', 'rar', 'rm', 'rmi',  
'rmvb', 'rtf', 'sdc', 'sitd', 'swf', 'sxc', 'sxw', 'tar', 'tgz', 'tif',  
'tiff', 'txt', 'vsd', 'wav', 'wma', 'wmv', 'xls', 'xml', 'zip'  
  
Image/ directory  
'bmp','gif','jpeg','jpg','png'  
  
Flash/ directory  
'swf','flv'  
  
Media/ directory  
'aiff', 'asf', 'avi', 'bmp', 'fla', 'flv', 'gif', 'jpeg', 'jpg', 'mid',  
'mov', 'mp3', 'mp4', 'mpc', 'mpeg', 'mpg', 'png', 'qt', 'ram', 'rm',  
'rmi', 'rmvb', 'swf', 'tif', 'tiff', 'wav', 'wma', 'wmv'  
  
The max allowable upload size is not restricted, this will depend on the  
web server's settings and PHP timeout value.  
  
Default location for uploads is  
http://www.geeklogsite.com/images/Library/File/  
  
Potential Abuse  
- Create a directory using the interactive session above under the File  
section.  
- Upload your files to the new directory  
- Host your sound,movie,pictures, or zipped archives for FREE!  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
23 Aug 2009 00:00Current
7.4High risk
Vulners AI Score7.4
geeklogarbitrary file uploadinsecure configurationfile hostingremote uploadfile type restrictionsabuse potentialphp timeoutweb server settingsinteractive session
28