Posted on July 29, 2011 at 11:10 AM
================================================
osPHPSite (FCKeditor) File Upload Vulnerability
================================================
:-------------------------------------------------------------------------------------------------------------------------:
: # Exploit Title : osPHPSite (FCKeditor) File Upload Vulnerability
: # Date : 29 July 2011
: # Author : X-Cisadane
: # Software Link : http://sourceforge.net/projects/osphpsite/ or http://www.osphpsite.com
: # Version : 1.0
: # Category : Web Applications
: # Vulnerability : File Upload Vulnerability
: # Tested On : Chromium Web Browser v13 (Linux Ubuntu)
: # Greetz to : X-Code, Muslim Hackers, Depok Cyber, Hacker Cisadane, Borneo Crew, Dunia Santai, Jiban Crew, Winda Utari
:-------------------------------------------------------------------------------------------------------------------------:
# (!) Exploits & PoC :
#=========[ Upload File (via Browser) ]======
+> http://<site>/<osPHPsite installation directory>/fckeditor/editor/filemanager/upload/test.html
+> Select the "File Uploader" to use : PHP
+> Browse for a file (.jpg, .gif, .txt, etc.)
+> Send it to the server
-> Find it on : http://localhost/userfiles/<your file>
(+) Demo :
+> http://<site>/<osPHPsite installation directory>/fckeditor/editor/filemanager/browser/default/connectors/test.html
+> Select the "Connector" to use : PHP
+> Browse for a file (.jpg, .gif, .txt, etc.)
+> Upload
-> Find it on : http://localhost/userfiles/file/<your file>
(+) Demo :
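
Detection sketch for the sequence described above, added here as an example and not part of the original advisory: it scans Common Log Format access-log lines for a client that POSTs under either FCKeditor file-manager directory named in the PoC and then fetches from /userfiles/. The log format, the /cms/ install directory, the .php endpoint names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Directories and upload target taken from the advisory's URLs.
FCK_DIRS = ("/fckeditor/editor/filemanager/upload/",
            "/fckeditor/editor/filemanager/browser/default/connectors/")
UPLOAD_DIR = "/userfiles/"

# Common Log Format (assumed): client, timestamp, method, path, status.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})')

def classify(method, path):
    """Map one request to a stage of the sequence the advisory describes."""
    p = path.lower().split("?", 1)[0]
    if any(d in p for d in FCK_DIRS):
        if p.endswith("/test.html"):
            return "test_page"
        if method == "POST":
            return "upload_post"
    if UPLOAD_DIR in p and method == "GET":
        return "fetch_uploaded"
    return None

def scan(lines):
    """Return {client_ip: [stages in order seen]}, counting only 2xx responses."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        stage = classify(m["method"], m["path"]) if m and m["status"][0] == "2" else None
        if stage:
            hits[m["ip"]].append(stage)
    return dict(hits)

def suspicious(hits):
    """Clients that POSTed to a file-manager directory, then fetched from userfiles."""
    return sorted(
        ip for ip, s in hits.items()
        if "upload_post" in s and "fetch_uploaded" in s[s.index("upload_post"):]
    )

# Constructed sample log lines; /cms/ and the .php endpoint names are assumed.
SAMPLE = [
    '198.51.100.7 - - [29/Jul/2011:11:02:10 +0000] "GET /cms/fckeditor/editor/filemanager/upload/test.html HTTP/1.1" 200 2890',
    '198.51.100.7 - - [29/Jul/2011:11:02:31 +0000] "POST /cms/fckeditor/editor/filemanager/upload/php/upload.php HTTP/1.1" 200 312',
    '198.51.100.7 - - [29/Jul/2011:11:02:40 +0000] "GET /userfiles/sample.txt HTTP/1.1" 200 17',
    '203.0.113.9 - - [29/Jul/2011:11:05:00 +0000] "GET /userfiles/logo.jpg HTTP/1.1" 200 5120',
    '192.0.2.44 - - [29/Jul/2011:11:06:00 +0000] "GET /cms/fckeditor/editor/filemanager/browser/default/connectors/test.html HTTP/1.1" 404 210',
]
```

A `test_page` stage in the output of `scan()` means one of the two test.html pages answered with a 2xx status and is still reachable on that server.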
Categories: Exploit