xPointers (fckeditor) File Upload Vulnerability
CVE |
Category |
Price |
Severity |
CVE-2007-0650 |
CWE-434 |
$300 |
High |
Author |
Risk |
Exploitation Type |
Date |
Xc0re Security Research Group |
High |
Remote |
2010-10-15 |
CPE |
cpe:cpe:/a:fckeditor:file_upload_vulnerability |
CVSS vector description
Metric |
Value |
Metric Description |
Value Description |
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2010100059
Below is a copy:
===============================================
xPointers (fckeditor) File Upload Vulnerability
===============================================
# Author: ashiyane digital security team
# Version: 1.1
# Category:: upload bug
# Home: Ashiyane.Org
Discovered By: Net.Edit0r
Greetz To:Behrooz_ice,Virangar,keivan,iman_taktaz,A.S.P.I.R.I.N,Classic,elvator
and all ashiyane members
# Google dork: "Powered by xPointers"
p0c:http://localhost/fckeditor/editor/filemanager/upload/test.html
select Upload File >
your File uploaded in:http://localhost/uploads/[Namefile]
Demo : http://relocare.in/fckeditor/editor/filemanager/connectors/uploadtest.html
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.