53 lines
No EOL
1.5 KiB
Text
53 lines
No EOL
1.5 KiB
Text
########################## www.BugReport.ir #######################################
|
|
#
|
|
# AmnPardaz Security Research Team
|
|
#
|
|
# Title: TransLucid 1.75 (fckeditor) Remote Arbitrary File Upload
|
|
# Vendor: www.translucidonline.com
|
|
# Vulnerable Version: 1.75 (prior versions also may be affected)
|
|
# Exploitation: Remote with browser
|
|
# Exploit: Available
|
|
# Impact: Medium
|
|
# Fix: N/A
|
|
# Original Advisory: http://www.bugreport.ir/index_51.htm
|
|
###################################################################################
|
|
|
|
####################
|
|
- Description:
|
|
####################
|
|
|
|
transLucid is the simple website publishing system with which anyone can create and maintain web content, in multiple languages and based on a
|
|
growing list of ready-made, professional layouts.
|
|
|
|
####################
|
|
- Vulnerability:
|
|
####################
|
|
|
|
+--> Fckeditor Arbitrary File Upload
|
|
|
|
The problem is that it is possible to upload files to a location inside the web root "/userdata" via the
|
|
|
|
/editors/FCKeditor/editor/filemanager/browser/default/connectors/php/connector.php script.
|
|
|
|
|
|
####################
|
|
- Exploit:
|
|
####################
|
|
|
|
http://example.com/transLucid_175/editors/FCKeditor/editor/filemanager/browser/default/connectors/test.html
|
|
|
|
####################
|
|
- Solution:
|
|
####################
|
|
|
|
Restrict and grant only trusted users access to the resources.
|
|
|
|
####################
|
|
- Credit :
|
|
####################
|
|
AmnPardaz Security Research & Penetration Testing Group
|
|
Contact: admin[4t}bugreport{d0t]ir
|
|
WwW.BugReport.ir
|
|
WwW.AmnPardaz.com
|
|
|
|
# milw0rm.com [2008-09-03] |