[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Knowledgeroot (fckeditor) Remote Arbitrary File Upload Exploit

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Knowledgeroot (fckeditor) Remote Arbitrary File Upload Exploit
From: Frank Habermann <lordlamer@xxxxxxxxxxxx>
Date: Wed, 5 May 2010 21:28:01 +0200

Hi,

> Restrict access to the
> extension/fckeditor/fckeditor/editor/filemanager/connectors/php/config.php
> script (e.g. via .htaccess)
>
> To Proof This Concept , The Script Remote c0de available here:
>
> http://www.inj3ct0r.com/exploits/12132
I have checked this and your proof of concept does not work for me!

And what should the config.php do? Their is no running code in it. Only a 
configuration file.

regards,
Frank

References:
- Knowledgeroot (fckeditor) Remote Arbitrary File Upload Exploit
  - From: eidelweiss

Prev by Date: PCRE compile workspace overflow
Next by Date: fetchmail security announcement fetchmail-SA-2010-02 (CVE-2010-1167)
Previous by thread: Knowledgeroot (fckeditor) Remote Arbitrary File Upload Exploit
Next by thread: [security bulletin] HPSBMA02400 SSRT080144 rev.4 - HP OpenView Network Node Manager (OV NNM), Remote Execution of Arbitrary Code
Index(es):
- Date
- Thread