New User, Welcome!     Login

Knowledgeroot (fckeditor) Remote Arbitrary File Upload Exploit

Related Terms:
The Script access versions
From: eidelweiss cyberservices com
To: bugtraq securityfocus com
Cc:
Subject: Knowledgeroot (fckeditor) Remote Arbitrary File Upload Exploit
Date: Tue - May 04, 2010 04:33 PM 


-=[ Description ]=-

A security issue has been discovered in Knowledgeroot, which can be exploited by malicious people to bypass certain security restrictions.

Access to the enabled FCKeditor component is not properly restricted, which can be exploited to e.g upload files of certain types.

The security issue is confirmed in version 0.9.9.5 Other versions may also be affected.

-=[ Solution ]=-

Restrict access to the extension/fckeditor/fckeditor/editor/filemanager/connectors/php/config.php script (e.g. via .htaccess)

To Proof This Concept , The Script Remote c0de available here:

http://www.inj3ct0r.com/exploits/12132


Copyright © 1995-2012 LinuxRocket.net. All rights reserved.

Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!