
# Title : KCFinder 2.2 Arbitrary File Upload Vulnerability
# Published : 2010-10-15
# Author : saudi0hacker


: # Exploit Title: kcfinder 2.2 upload shell                                                 :
: # Date: 15/10/2010                                                                         :
: # Author: saudi0hacker                                                                     :  
: # Software Link:  http://kcfinder.sunhater.com/                                            :
: # Version: 2.x                                                                             :
: # Tested on: linux b0x                                                                     : 
: # Greetz to : All of my Friends                                                            :
----------------------------------------------------------------------------------------------

 [~] STEP 1 > Go to target link

     http://localhost/KCFinder/browse.php

 [~] STEP 2 > upload your shell as [shell.php.jpg]
  
 [~] Th3 End
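
Added example, not part of the original advisory and not KCFinder's own code: a name like shell.php.jpg passes any check that looks only at the final extension, and some server configurations (for example Apache mod_mime with a handler mapped to .php) still run such a file as PHP. The sketch below shows a server-side check that rejects it; the function name, the allow-lists and the sample file are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not KCFinder's own code.
// Assumptions: image-only uploads; PHP 7.1+ with the fileinfo extension.

const ALLOWED_EXT  = ['jpg', 'jpeg', 'png', 'gif'];
const ALLOWED_MIME = ['image/jpeg', 'image/png', 'image/gif'];

/**
 * Return a server-generated name for an accepted upload, or null to reject.
 */
function safe_upload_name(string $clientName, string $tmpPath): ?string
{
    // Drop any path the client sent, then split on every dot.
    $base  = basename(str_replace('\\', '/', $clientName));
    $parts = explode('.', strtolower($base));

    // Require exactly "stem.ext": "shell.php.jpg" has three parts,
    // "shell" has one, ".htaccess" has an empty stem. All are rejected.
    if (count($parts) !== 2 || $parts[0] === '' || $parts[1] === '') {
        return null;
    }
    if (!in_array($parts[1], ALLOWED_EXT, true)) {
        return null;
    }

    // Check the content as well as the name.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmpPath);
    if (!in_array($mime, ALLOWED_MIME, true)) {
        return null;
    }

    // Never store the client-supplied name; generate one.
    return bin2hex(random_bytes(16)) . '.' . $parts[1];
}

// Constructed sample: a temp file holding a minimal GIF header.
$tmp = tempnam(sys_get_temp_dir(), 'up');
file_put_contents($tmp, "GIF89a\x01\x00\x01\x00\x00\x00\x00;");

foreach (['photo.gif', 'shell.php.jpg', 'shell.php', '.htaccess'] as $name) {
    $stored = safe_upload_name($name, $tmp);
    echo str_pad($name, 16), $stored === null ? 'rejected' : "stored as $stored", PHP_EOL;
}
unlink($tmp);
```

Name validation is one layer; the upload directory should also be served with script execution disabled, or kept outside the web root.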