Tadbir CMS (fckeditor) Remote Arbitrary File Upload Exploit Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Tadbir CMS (fckeditor) Remote Arbitrary File Upload Exploit Vulnerability
# Published : 2010-05-10
# Author : Pouya Daneshmand
# Previous Title : Dark Hart Portal (login.php) Remote File Inclusion Vulnerability
# Next Title : Family Connections 2.2.3 Multiple Remote Vulnerabilities

#################################################################  
# Securitylab.ir
#################################################################  
# Application Info:
# Name: Tadbir CMS
# Vendor: http://etadbir.com
#################################################################  
# Vulnerability Info:
# Type: Remote Arbitrary File Upload
# Risk: High
# 2010-01-12 - Found Vulnerability
# 2010-04-22 - Vendor notified
# 2010-05-08 - Public disclosure
#################################################################
Vulnerability:
http://site.ir/editor/editor/filemanager/upload/test.html
#################################################################  
# Discoverd By: Pouya Daneshmand
# Website: http://Pouya.Securitylab.ir
# Contacts: info[at]securitylab.ir & whh_iran[at]yahoo.com
###################################################################