osCMax 2.0 (fckeditor) Remote File Upload

2010-03-16T00:00:00
ID 1337DAY-ID-9628
Type zdt
Reporter Itsecteam
Modified 2010-03-16T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =========================================
osCMax 2.0 (fckeditor) Remote File Upload
=========================================

##############################################################################
#Title:             osCMax 2.0 (fckeditor) Remote File Upload                #
#Vendor:            http://www.oscdox.com                                    #
#Dork:              "Powered by osCMax v2.0" , "Copyright @" "RahnemaCo.com" #
##############################################################################
#AUTHOR:            ITSecTeam                                                #
#Email:             [email protected]                                        #
#Website:           http://www.itsecteam.com                                 #
#Forum :            http://forum.ITSecTeam.com                               #
#Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability20.htm #
#Thanks:            r3dm0v3, limpizik_neo                                    #
##############################################################################
 
#DESCRIPTION (by vendor):#####################################################
osCMax v2.0 is a powerful e-commerce/shopping cart web application. There are many advantages to using osCMax as your
e-commerce/shopping cart for your web site. It has all the features needed to run a successful internet store and can
be customized to whatever configuration you need.
osCMax v2.0 is based on osCommerce 2.2 RC2a.
 
 
#BUG:#########################################################################
file FCKeditor/editor/filemanager/browser/default/connectors/php/config.php:
 25: $Config['AllowedExtensions']['File']   = array() ;
 26: $Config['DeniedExtensions']['File']    = array('php','asp','aspx','ascx','jsp','cfm','cfc','pl','bat','exe','dll','reg') ;
 
It is still to upload files with some dangerous extensions like php3 !
 
 
#EXPLOIT:####################################################################
http://site.com/path_to_oSCMax/FCKeditor/editor/filemanager/browser/default/connectors/test.html



#  0day.today [2018-03-19]  #