GeekLog 1.7.0 (fckeditor) Arbitrary File Upload Vulnerability

2010-10-19T00:00:00
ID 1337DAY-ID-14516
Type zdt
Reporter Kubanezi AHG
Modified 2010-10-19T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =============================================================
GeekLog 1.7.0 (fckeditor) Arbitrary File Upload Vulnerability
=============================================================

###################################################                                               
#        db         88        88    ,ad8888ba,    #
#       d88b        88        88   d8"'    `"8b   # 
#      d8'`8b       88        88  d8'             #
#     d8'  `8b      88aaaaaaaa88  88              #
#    d8YaaaaY8b     88""""""""88  88      88888   #
#   d8""""""""8b    88        88  Y8,        88   #
#  d8'        `8b   88        88   Y8a.    .a88   #
# d8'          `8b  88        88    `"Y88888P"    #
#                                                 #
#                                                 #
###################################################
#
# Exploit Title: Geeklog
# Date: 18-10-2010
# Author: Kubanezi AHG
# Software Link: http://www.geeklog.net/
# Version: 1.7.0
# Tested on: Linux Ubuntu 9.04                       
# dork : inurl:"/geeklog/"    
# Contact: [email protected]                       
#                                                    
####################################################
 
    exploit # geeklog/fckeditor/editor/filemanager/upload/test.html
 
 
first go to # http://site.com/Geeklog/
 
 
       then # http://site.com/Geeklog/fckeditor/editor/filemanager/upload/test.html
    
     select # "php"
 
 
Upload There Hacked.txt  And Copy Output Link
 
#######################################################
            Exploit By Kubanezi
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
 
Greetz : AHG-Crew , Mistreriozi , Boom ,Twilight , AutoruN , DoctorSQl
          , Drake , Dj-Dukli , EragoN , Khaled , MossaD , BH-TREX



#  0day.today [2018-01-06]  #