Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22461
HistorySep 14, 2009 - 12:00 a.m.

Vulnerabilities in FCKeditor

2009-09-1400:00:00
vulners.com
8

Hello 3APA3A!

I want to warn you about Directory Traversal and Cross-Site Scripting
vulnerabilities in FCKeditor.

Directory Traversal:

As I know already from 2006 (25.02.2006) from disclosure of
vulnerabilities in FCKeditor, there was hole in old versions of it, which
allows to view list of arbitrary folders and create new folders in
arbitrary locations. And that's all.

But this year (01.01.2009) I found that it's also possible to upload files
to arbitrary locations. If in uploader (in test.html or connector) in field
Current Folder set "…/" than Directory Traversal attack will occur. It
allows to view list of arbitrary folders, create new folders in arbitrary
folders and to upload files to arbitrary folders.

Vulnerable are FCKeditor 2.0 FC and previous versions (old versions of
FCKeditor).

XSS:

In all versions of FCKeditor it's possible to upload swf-files. So it's
possible to conduct XSS attack via flash. It's persistent XSS.

Vulnerable are FCKeditor 2.6.3 (and 2.6.4 must be too) and previous
versions.

I mentioned about these vulnerabilities at my site
(http://websecurity.com.ua/3296/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua